Windows Analysis Report
UFh7A8CImG.exe

Overview

General Information

Sample name: UFh7A8CImG.exe (renamed because original name is a hash value)
Original sample name: 807cf9e5e22a71ca4bf1e31e955c1e2dfc80f1d38decf8b52857c29aadf04b90.exe
Analysis ID: 1573190
MD5: 33285b33f1d7997939c34a2deb30beac
SHA1: 0a2dc41c5e470fee6a1247111b3fd0fac66ced4d
SHA256: 807cf9e5e22a71ca4bf1e31e955c1e2dfc80f1d38decf8b52857c29aadf04b90
Tags: 172-86-106-205, exe, user-JAMESWT_MHT

Detection

DanaBot
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Detected unpacking (creates a PE file in dynamic memory)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected DanaBot stealer dll
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
May use the Tor software to hide its network traffic
PE file has a writeable .text section
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Instant Messenger accounts or passwords
Abnormal high CPU Usage
Contains capabilities to detect virtual machines
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read device registry values (via SetupAPI)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected non-DNS traffic on DNS port
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Entry point lies outside standard sections
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries device information via Setup API
Queries information about the installed CPU (vendor, model number etc)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the installation date of Windows
Queries the product ID of Windows
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Stores large binary data to the registry
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • UFh7A8CImG.exe (PID: 6736 cmdline: "C:\Users\user\Desktop\UFh7A8CImG.exe" MD5: 33285B33F1D7997939C34A2DEB30BEAC)
    • MIs.exe (PID: 7028 cmdline: "C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe" MD5: 5B219E412528752277F1118513D99D43)
      • cmd.exe (PID: 6496 cmdline: C:\Windows\system32\cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 5856 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • powershell.exe (PID: 6240 cmdline: powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
  • MIs.exe (PID: 5260 cmdline: "C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe" MD5: 5B219E412528752277F1118513D99D43)
  • MIs.exe (PID: 2848 cmdline: "C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe" MD5: 5B219E412528752277F1118513D99D43)
  • cleanup
Name: DanaBot
Description: Proofpoint describes DanaBot as the latest example of malware focused on persistence and stealing useful information that can later be monetized rather than demanding an immediate ransom from victims. The social engineering in the low-volume DanaBot campaigns we have observed so far has been well-crafted, again pointing to a renewed focus on quality over quantity in email-based threats. DanaBot's modular nature enables it to download additional components, increasing the flexibility and robust stealing and remote monitoring capabilities of this banker.
Attribution: SCULLY SPIDER
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.danabot
No configs have been found
Source: 00000001.00000003.1771393442.0000000006107000.00000004.00000020.00020000.00000000.sdmp, Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Author: Joe Security
Source: 00000001.00000003.1771393442.0000000006107000.00000004.00000020.00020000.00000000.sdmp, Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Author: Joe Security
Source: 00000001.00000003.1766962431.00000000055C1000.00000004.00000020.00020000.00000000.sdmp, Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Author: Joe Security
Source: 00000001.00000003.1766962431.00000000055C1000.00000004.00000020.00020000.00000000.sdmp, Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Author: Joe Security
Source: 0000000A.00000003.2753770406.0000000004F46000.00000004.00000020.00020000.00000000.sdmp, Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Author: Joe Security

System Summary

Source: Process started, Author: Florian Roth (Nextron Systems), Data: Command: C:\Windows\system32\cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe", CommandLine: C:\Windows\system32\cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe" , ParentImage: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe, ParentProcessId: 7028, ParentProcessName: MIs.exe, ProcessCommandLine: C:\Windows\system32\cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe", ProcessId: 6496, ProcessName: cmd.exe
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split), Data: Details: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe, ProcessId: 7028, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Advanced Vynil Studio
Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements), Data: Command: powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe", CommandLine: powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe", CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe", ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 6496, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe", ProcessId: 6240, ProcessName: powershell.exe

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            Source: UFh7A8CImG.exe, Avira: detected
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\Lib_Help.dll, Avira: detection malicious, Label: TR/Dldr.Rugmi.zfkkg
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\Lib_Help.dll, ReversingLabs: Detection: 62%
            Source: UFh7A8CImG.exe, ReversingLabs: Detection: 52%
            Source: Yara match, File source: Process Memory Space: MIs.exe PID: 7028, type: MEMORYSTR
            Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\Vipro.dll, Joe Sandbox ML: detected
            Source: C:\Users\user\AppData\Local\Temp\TMP6AC3.tmp, Joe Sandbox ML: detected

            Compliance

            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe, Unpacked PE file: 8.2.MIs.exe.3070000.1.unpack
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe, Unpacked PE file: 10.2.MIs.exe.3110000.1.unpack
            Source: UFh7A8CImG.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: UFh7A8CImG.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
            Source: Binary string: C:\MCU_SCM\Development\FixedFunction\CP211x\PC_Applications\InterfaceLibrary\Windows_2K_XP_S2K3_Vista\HIDtoUART\Release\SLABHIDtoUART.pdb source: UFh7A8CImG.exe, 00000000.00000003.1724610247.00000000037A6000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: d:\jenkins-slave\workspace\SLABHIDDevice\SLABHIDDevice\Release\SLABHIDDevice.pdb source: UFh7A8CImG.exe, 00000000.00000003.1724610247.00000000037A6000.00000004.00000020.00020000.00000000.sdmp
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe, Code function: 8_2_6CE9E6FC FindFirstFileW,FindClose,8_2_6CE9E6FC
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe, Code function: 8_2_6CF6DA64 GetLongPathNameW,GetLongPathNameW,FindFirstFileW,FindClose,8_2_6CF6DA64
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe, Code function: 10_2_6CE9E6FC FindFirstFileW,FindClose,10_2_6CE9E6FC
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe, Code function: 10_2_6CF6DA64 GetLongPathNameW,GetLongPathNameW,FindFirstFileW,FindClose,10_2_6CF6DA64
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe, Code function: 10_2_6CE9E118 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,10_2_6CE9E118
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe, File opened: C:\Users\user\AppData\Roaming
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe, File opened: C:\Users\user
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe, File opened: C:\Users\user\AppData
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows

            Networking

            Source: Network traffic, Suricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:49767 -> 89.116.191.177:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:49766 -> 77.221.149.84:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:49769 -> 193.188.22.40:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:49836 -> 89.116.191.177:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:49838 -> 193.188.22.40:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:49768 -> 213.210.13.4:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:49866 -> 193.188.22.40:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:49884 -> 213.210.13.4:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:49885 -> 193.188.22.40:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:49859 -> 77.221.149.84:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:49902 -> 193.188.22.40:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:49898 -> 77.221.149.84:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:49901 -> 213.210.13.4:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:49864 -> 213.210.13.4:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:49900 -> 89.116.191.177:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:49913 -> 89.116.191.177:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:49914 -> 213.210.13.4:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:49835 -> 77.221.149.84:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:49931 -> 89.116.191.177:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:49837 -> 213.210.13.4:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:49934 -> 193.188.22.40:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:49944 -> 77.221.149.84:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:49946 -> 213.210.13.4:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:49883 -> 89.116.191.177:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:49964 -> 193.188.22.40:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:49932 -> 213.210.13.4:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:49961 -> 89.116.191.177:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:49982 -> 193.188.22.40:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:49980 -> 89.116.191.177:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:49945 -> 89.116.191.177:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:49862 -> 89.116.191.177:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:49994 -> 213.210.13.4:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:49993 -> 89.116.191.177:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50007 -> 213.210.13.4:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:49995 -> 193.188.22.40:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50024 -> 89.116.191.177:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50023 -> 77.221.149.84:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50026 -> 193.188.22.40:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50041 -> 77.221.149.84:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:49959 -> 77.221.149.84:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50006 -> 89.116.191.177:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50043 -> 213.210.13.4:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50042 -> 89.116.191.177:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50057 -> 213.210.13.4:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50056 -> 89.116.191.177:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50079 -> 213.210.13.4:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50077 -> 77.221.149.84:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50090 -> 77.221.149.84:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50025 -> 213.210.13.4:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50005 -> 77.221.149.84:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50092 -> 213.210.13.4:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50108 -> 77.221.149.84:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50093 -> 193.188.22.40:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50111 -> 193.188.22.40:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50080 -> 193.188.22.40:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:49947 -> 193.188.22.40:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50127 -> 77.221.149.84:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:49979 -> 77.221.149.84:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50130 -> 193.188.22.40:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50129 -> 213.210.13.4:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50110 -> 213.210.13.4:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50142 -> 89.116.191.177:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50128 -> 89.116.191.177:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50141 -> 77.221.149.84:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50159 -> 213.210.13.4:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:49912 -> 77.221.149.84:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50175 -> 77.221.149.84:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50091 -> 89.116.191.177:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50055 -> 77.221.149.84:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50176 -> 89.116.191.177:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50160 -> 193.188.22.40:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50144 -> 193.188.22.40:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50184 -> 89.116.191.177:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50185 -> 213.210.13.4:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50186 -> 193.188.22.40:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50192 -> 89.116.191.177:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:49992 -> 77.221.149.84:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50191 -> 77.221.149.84:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50177 -> 213.210.13.4:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50193 -> 213.210.13.4:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50078 -> 89.116.191.177:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50207 -> 77.221.149.84:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50199 -> 77.221.149.84:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50158 -> 89.116.191.177:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50008 -> 193.188.22.40:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50058 -> 193.188.22.40:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:49882 -> 77.221.149.84:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:49930 -> 77.221.149.84:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:49963 -> 213.210.13.4:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:49915 -> 193.188.22.40:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50109 -> 89.116.191.177:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:49981 -> 213.210.13.4:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50044 -> 193.188.22.40:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50200 -> 89.116.191.177:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50194 -> 193.188.22.40:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50143 -> 213.210.13.4:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50157 -> 77.221.149.84:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50201 -> 213.210.13.4:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50208 -> 89.116.191.177:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50210 -> 193.188.22.40:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50202 -> 193.188.22.40:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50217 -> 213.210.13.4:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50225 -> 213.210.13.4:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50209 -> 213.210.13.4:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50216 -> 89.116.191.177:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50224 -> 89.116.191.177:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50233 -> 213.210.13.4:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50223 -> 77.221.149.84:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50239 -> 77.221.149.84:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50242 -> 193.188.22.40:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50234 -> 193.188.22.40:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50231 -> 77.221.149.84:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50240 -> 89.116.191.177:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50248 -> 89.116.191.177:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50247 -> 77.221.149.84:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50250 -> 193.188.22.40:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50249 -> 213.210.13.4:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50241 -> 213.210.13.4:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50256 -> 89.116.191.177:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50263 -> 77.221.149.84:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50257 -> 213.210.13.4:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50255 -> 77.221.149.84:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50272 -> 89.116.191.177:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50258 -> 193.188.22.40:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50274 -> 193.188.22.40:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50266 -> 193.188.22.40:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50273 -> 213.210.13.4:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50280 -> 89.116.191.177:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50264 -> 89.116.191.177:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50279 -> 77.221.149.84:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50271 -> 77.221.149.84:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50282 -> 193.188.22.40:443
            Source: Network trafficSuricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.4:50265 -> 213.210.13.4:443
            Source: global traffic | TCP traffic: 192.168.2.4:49774 -> 8.8.8.8:53
            Source: Joe Sandbox View | ASN Name: LRTC-ASLT LRTC-ASLT
            Source: Joe Sandbox View | ASN Name: INFOBOX-ASInfoboxruAutonomousSystemRU INFOBOX-ASInfoboxruAutonomousSystemRU
            Source: Joe Sandbox View | ASN Name: EDGEtaGCIComGB EDGEtaGCIComGB
            Source: unknown | TCP traffic detected without corresponding DNS query: 77.221.149.84
            Source: unknown | TCP traffic detected without corresponding DNS query: 89.116.191.177
            Source: unknown | TCP traffic detected without corresponding DNS query: 193.188.22.40
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49986
            Source: unknown | Network traffic detected: HTTP traffic on port 49932 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49898 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49875 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50131 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50211 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50234 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
            Source: unknownNetwork traffic detected: HTTP traffic on port 50177 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50257 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49859
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49979
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49857
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49856
            Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49855
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49854
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49973
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49972
            Source: unknownNetwork traffic detected: HTTP traffic on port 50314 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49970
            Source: unknownNetwork traffic detected: HTTP traffic on port 50222 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50325 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50004 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50268 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49909 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50292 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49969
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49964
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49963
            Source: unknownNetwork traffic detected: HTTP traffic on port 50120 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49961
            Source: unknownNetwork traffic detected: HTTP traffic on port 50015 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50189 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50246 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50130 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50108 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50291 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50303 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50269 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49838
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49959
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49837
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49836
            Source: unknownNetwork traffic detected: HTTP traffic on port 49921 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49957
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49835
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49956
            Source: unknownNetwork traffic detected: HTTP traffic on port 50326 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49955
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49954
            Source: unknownNetwork traffic detected: HTTP traffic on port 49864 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50280 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50142 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49944 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49910 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50337 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50051 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50178 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49955 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50210 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50235 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49947
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49946
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49945
            Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49944
            Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49922 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49945 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50017 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50187 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50221 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50324 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50026 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50293 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50301 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49980 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50270 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49885 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49898
            Source: unknownNetwork traffic detected: HTTP traffic on port 50144 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50335 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
            Source: unknownNetwork traffic detected: HTTP traffic on port 49862 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49893
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49891
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49890
            Source: unknownNetwork traffic detected: HTTP traffic on port 50209 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50282 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50247 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49911 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49957 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50155 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50176 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50258 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
            Source: unknownNetwork traffic detected: HTTP traffic on port 50084 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49888
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
            Source: unknownNetwork traffic detected: HTTP traffic on port 50336 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49885
            Source: unknownNetwork traffic detected: HTTP traffic on port 50313 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49884
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49883
            Source: unknownNetwork traffic detected: HTTP traffic on port 50166 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50281 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49882
            Source: unknownNetwork traffic detected: HTTP traffic on port 50143 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50208 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50050 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50110 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50005 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49956 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50259 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50236 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49979 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50083 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49878
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49877
            Source: unknownNetwork traffic detected: HTTP traffic on port 50121 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49875
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49995
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49873
            Source: unknownNetwork traffic detected: HTTP traffic on port 49923 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49994
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49993
            Source: unknownNetwork traffic detected: HTTP traffic on port 50016 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49992
            Source: unknownNetwork traffic detected: HTTP traffic on port 50188 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50220 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50109 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49934 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50302 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50199 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49866
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50216
            Source: unknownNetwork traffic detected: HTTP traffic on port 50277 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50337
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50215
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50336
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50218
            Source: unknownNetwork traffic detected: HTTP traffic on port 50254 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50217
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50338
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50219
            Source: unknownNetwork traffic detected: HTTP traffic on port 50151 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50210
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50331
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50330
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50212
            Source: unknownNetwork traffic detected: HTTP traffic on port 50225 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50333
            Source: unknownNetwork traffic detected: HTTP traffic on port 50202 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50211
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50332
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50214
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50335
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50213
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50334
            Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50305 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50328 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49900 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50227
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50226
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50108
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50229
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50228
            Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50109
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50100
            Source: unknownNetwork traffic detected: HTTP traffic on port 50186 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50221
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50220
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50223
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50101
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50222
            Source: unknownNetwork traffic detected: HTTP traffic on port 50243 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50225
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50103
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50224
            Source: unknownNetwork traffic detected: HTTP traffic on port 50025 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50289 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49964 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50128 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50197 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50117
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50238
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50237
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50118
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50239
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50230
            Source: unknownNetwork traffic detected: HTTP traffic on port 50317 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50111
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50232
            Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50110
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50231
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50234
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50233
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50236
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50235
            Source: unknownNetwork traffic detected: HTTP traffic on port 50001 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49986 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49963 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50288 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50127 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50175 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50198 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50213 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50232 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50007
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50128
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50249
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50006
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50127
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50248
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50008
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50129
            Source: unknownNetwork traffic detected: HTTP traffic on port 50255 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50120
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50241
            Source: unknownNetwork traffic detected: HTTP traffic on port 50093 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50240
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50001
            Source: unknownNetwork traffic detected: HTTP traffic on port 50150 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50243
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50121
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50242
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50003
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50245
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50002
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50244
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50005
            Source: unknownNetwork traffic detected: HTTP traffic on port 50224 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50247
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50004
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50246
            Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50266 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50250
            Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49941 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50082 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50306 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50244 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50315 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50338 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50129 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50003 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50184 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50267 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50081 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50304
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50303
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50306
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50305
            Source: unknownNetwork traffic detected: HTTP traffic on port 50117 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50308
            Source: unknownNetwork traffic detected: HTTP traffic on port 50035 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50307
            Source: unknownNetwork traffic detected: HTTP traffic on port 50278 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49954 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50014 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50309
            Source: unknownNetwork traffic detected: HTTP traffic on port 50152 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50201 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50300
            Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50302
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50301
            Source: unknownNetwork traffic detected: HTTP traffic on port 49882 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50141 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50304 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50212 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50233 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50315
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50314
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50317
            Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50316
            Source: unknownNetwork traffic detected: HTTP traffic on port 50256 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50319
            Source: unknownNetwork traffic detected: HTTP traffic on port 50118 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50318
            Source: unknownNetwork traffic detected: HTTP traffic on port 50279 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50092 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50200 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50311
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50310
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50313
            Source: unknownNetwork traffic detected: HTTP traffic on port 50223 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50312
            Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50024 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50205
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50326
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50204
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50325
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50207
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50328
            Source: unknownNetwork traffic detected: HTTP traffic on port 50196 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50206
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50327
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50209
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50208
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50329
            Source: unknownNetwork traffic detected: HTTP traffic on port 50245 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50316 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50320
            Source: unknownNetwork traffic detected: HTTP traffic on port 49931 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50058 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50201
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50322
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50200
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50321
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50203
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50324
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50202
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50323
            Source: unknownNetwork traffic detected: HTTP traffic on port 50290 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50002 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50185 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50327 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50054
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50175
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50296
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50053
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50295
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50056
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50177
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50298
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50055

            E-Banking Fraud

            Source: Yara match File source: Process Memory Space: MIs.exe PID: 7028, type: MEMORYSTR

            System Summary

            Source: FilesystemDialogsCOM.dll.0.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe Process Stats: CPU usage > 49%
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe Code function: 8_2_6C968CD0: DeviceIoControl,DeviceIoControl,8_2_6C968CD0
            Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\FilesystemDialogsCOM.dll BB841E22FF485EA6F79808A554BAA8FB13F8971A4549F09BC6665EFA19115F37
            Source: Vipro.dll.0.dr Static PE information: Resource name: RT_VERSION type: x86 executable not stripped
            Source: VTDSP.dll.0.dr Static PE information: Number of sections : 17 > 10
            Source: UFh7A8CImG.exe, 00000000.00000003.1724610247.00000000037A6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMI.exe$ vs UFh7A8CImG.exe
            Source: UFh7A8CImG.exe, 00000000.00000003.1724610247.00000000037A6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSLABHIDDevice.dllt* vs UFh7A8CImG.exe
            Source: UFh7A8CImG.exe, 00000000.00000003.1724610247.00000000037A6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameHIDtoUART.dllb! vs UFh7A8CImG.exe
            Source: UFh7A8CImG.exe, 00000000.00000003.1724610247.0000000003406000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameFilesystemDialogsCOM.dlln' vs UFh7A8CImG.exe
            Source: UFh7A8CImG.exe, 00000000.00000003.1724610247.0000000003406000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameXmlWrapp.dllF vs UFh7A8CImG.exe
            Source: UFh7A8CImG.exe, 00000000.00000003.1724610247.000000000392C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMI.exe vs UFh7A8CImG.exe
            Source: UFh7A8CImG.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: Vipro.dll.0.dr Static PE information: Section: 5m2xY ZLIB complexity 0.9984749571917808
            Source: Vipro.dll.0.dr Static PE information: Section: Mo1qpM ZLIB complexity 1.0035807291666667
            Source: classification engine Classification label: mal100.phis.troj.spyw.evad.winEXE@10/299@0/5
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe Code function: 8_2_6C98E170 LoadLibraryA,GetLastError,FormatMessageA,GetProcAddress,GetLastError,FormatMessageA,8_2_6C98E170
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe Code function: 10_2_6CEB2588 GetDiskFreeSpaceW,10_2_6CEB2588
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe Code function: 8_2_6C9D2382 LoadLibraryA,FindResourceA,LoadResource,LockResource,DialogBoxIndirectParamA,FreeResource,FreeResource,8_2_6C9D2382
            Source: C:\Users\user\Desktop\UFh7A8CImG.exe File created: C:\Users\user\AppData\Local\Programs
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5856:120:WilError_03
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe Mutant created: \Sessions\1\BaseNamedObjects\59989252
            Source: C:\Users\user\Desktop\UFh7A8CImG.exe File created: C:\Users\user\AppData\Local\Temp\TMP6AC3.tmp
            Source: UFh7A8CImG.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
            Source: C:\Users\user\Desktop\UFh7A8CImG.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
            Source: C:\Users\user\Desktop\UFh7A8CImG.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganizationJump to behavior
            Source: MIs.exe, 00000001.00000003.2112762112.000000000699A000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1771393442.0000000006107000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1776282835.0000000005B54000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1766962431.00000000055C1000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.2111575348.000000000699E000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.2112045230.0000000007C9E000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1772025546.0000000005B59000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1766487852.000000000501F000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.2111088801.0000000005B52000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1769409309.0000000005019000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1770783572.0000000005B5F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
            Source: MIs.exe, 00000001.00000003.2112762112.000000000699A000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1771393442.0000000006107000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1776282835.0000000005B54000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1766962431.00000000055C1000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.2111575348.000000000699E000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.2112045230.0000000007C9E000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1772025546.0000000005B59000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1766487852.000000000501F000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.2111088801.0000000005B52000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1769409309.0000000005019000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1770783572.0000000005B5F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
            Source: MIs.exe, 00000001.00000003.2112762112.000000000699A000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1771393442.0000000006107000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1776282835.0000000005B54000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1766962431.00000000055C1000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.2111575348.000000000699E000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.2112045230.0000000007C9E000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1772025546.0000000005B59000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1766487852.000000000501F000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.2111088801.0000000005B52000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1769409309.0000000005019000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1770783572.0000000005B5F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
            Source: MIs.exe, 00000001.00000003.2112762112.000000000699A000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1771393442.0000000006107000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1776282835.0000000005B54000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1766962431.00000000055C1000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.2111575348.000000000699E000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.2112045230.0000000007C9E000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1772025546.0000000005B59000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1766487852.000000000501F000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.2111088801.0000000005B52000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1769409309.0000000005019000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1770783572.0000000005B5F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
            Source: UFh7A8CImG.exeReversingLabs: Detection: 52%
            Source: MIs.exeString found in binary or memory: Failed to open USB device with user-specified bus/address or serial number. This usually happens because the device is already in use by another running program.
            Source: MIs.exeString found in binary or memory: USB serial number restriction is present (%s) in addition to USB bus/address restrictions, this single candidate device didn't match it (%s).
            Source: unknownProcess created: C:\Users\user\Desktop\UFh7A8CImG.exe "C:\Users\user\Desktop\UFh7A8CImG.exe"
            Source: C:\Users\user\Desktop\UFh7A8CImG.exeProcess created: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe "C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe"
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: unknownProcess created: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe "C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe"
            Source: unknownProcess created: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe "C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe"
            Source: C:\Users\user\Desktop\UFh7A8CImG.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\Desktop\UFh7A8CImG.exeSection loaded: winusb.dllJump to behavior
            Source: C:\Users\user\Desktop\UFh7A8CImG.exeSection loaded: libusbk.dllJump to behavior
            Source: C:\Users\user\Desktop\UFh7A8CImG.exeSection loaded: hid.dllJump to behavior
            Source: C:\Users\user\Desktop\UFh7A8CImG.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\UFh7A8CImG.exeSection loaded: devobj.dllJump to behavior
            Source: C:\Users\user\Desktop\UFh7A8CImG.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\UFh7A8CImG.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\UFh7A8CImG.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\UFh7A8CImG.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\UFh7A8CImG.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Users\user\Desktop\UFh7A8CImG.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\Desktop\UFh7A8CImG.exeSection loaded: edputil.dllJump to behavior
            Source: C:\Users\user\Desktop\UFh7A8CImG.exeSection loaded: urlmon.dllJump to behavior
            Source: C:\Users\user\Desktop\UFh7A8CImG.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Users\user\Desktop\UFh7A8CImG.exeSection loaded: srvcli.dllJump to behavior
            Source: C:\Users\user\Desktop\UFh7A8CImG.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Users\user\Desktop\UFh7A8CImG.exeSection loaded: windows.staterepositoryps.dllJump to behavior
            Source: C:\Users\user\Desktop\UFh7A8CImG.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\Desktop\UFh7A8CImG.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Users\user\Desktop\UFh7A8CImG.exeSection loaded: appresolver.dllJump to behavior
            Source: C:\Users\user\Desktop\UFh7A8CImG.exeSection loaded: bcp47langs.dllJump to behavior
            Source: C:\Users\user\Desktop\UFh7A8CImG.exeSection loaded: slc.dllJump to behavior
            Source: C:\Users\user\Desktop\UFh7A8CImG.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\Desktop\UFh7A8CImG.exeSection loaded: sppc.dllJump to behavior
            Source: C:\Users\user\Desktop\UFh7A8CImG.exeSection loaded: onecorecommonproxystub.dllJump to behavior
            Source: C:\Users\user\Desktop\UFh7A8CImG.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: slabhidtouart.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: slabhiddevice.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: vtdsp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: mfc42u.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: vipro.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: hid.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: lib_help.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: netapi32.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: winusb.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: libusbk.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: shfolder.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: devobj.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: libjack.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: fppdes9.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: secur32.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: filesystemdialogscom.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: filesystemdialogs.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: sxs.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: rasadhlp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: textinputframework.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: coreuicomponents.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: coremessaging.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: ntmarta.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: textshaping.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: oleacc.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: wtsapi32.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: wshunix.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: mpr.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: wsock32.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: winmm.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: rasapi32.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: rasman.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: samcli.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: avifil32.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: msvfw32.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: msacm32.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: winmmbase.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: cryptui.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: pstorec.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: winnsi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: winsta.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: ieframe.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: wkscli.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: mlang.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: vaultcli.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: rtutils.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: wbemcomn.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: dhcpcsvc.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: wlanapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: netprofm.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: npmproxy.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: dhcpcsvc6.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: mmdevapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: audioses.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: powrprof.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: umpdc.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: logoncli.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: dpapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: taskschd.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: xmllite.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: slabhidtouart.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: slabhiddevice.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: vtdsp.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: mfc42u.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: vipro.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: lib_help.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: hid.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: netapi32.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: netutils.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: winusb.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: libusbk.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: shfolder.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: windows.storage.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: wldp.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: profapi.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: kernel.appcore.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: devobj.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: msasn1.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: uxtheme.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: textinputframework.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: coreuicomponents.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: coremessaging.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: ntmarta.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: wintypes.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: libjack.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: fppdes9.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: secur32.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: sspicli.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: filesystemdialogscom.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: filesystemdialogs.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: sxs.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: napinsp.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: pnrpnsp.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: wshbth.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: nlaapi.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: iphlpapi.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: mswsock.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: dnsapi.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: winrnr.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: textshaping.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: rasadhlp.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: cryptbase.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: oleacc.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: wtsapi32.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: mscoree.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: wshunix.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: slabhidtouart.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: slabhiddevice.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: vtdsp.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: mfc42u.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: vipro.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: hid.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: lib_help.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: netapi32.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: netutils.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: winusb.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: libusbk.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: shfolder.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: windows.storage.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: wldp.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: kernel.appcore.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: devobj.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: profapi.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: msasn1.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: winusb.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: libusbk.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: uxtheme.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: libjack.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: fppdes9.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: secur32.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: sspicli.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: filesystemdialogscom.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: filesystemdialogs.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: sxs.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: napinsp.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: pnrpnsp.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: wshbth.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: nlaapi.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: iphlpapi.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: mswsock.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: dnsapi.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: winrnr.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: rasadhlp.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: textinputframework.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: coreuicomponents.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: coremessaging.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: ntmarta.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: coremessaging.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: wintypes.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: textshaping.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: cryptbase.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: oleacc.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: wtsapi32.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: mscoree.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSection loaded: wshunix.dll
            Source: C:\Users\user\Desktop\UFh7A8CImG.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
            Source: Window RecorderWindow detected: More than 3 window changes detected
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWindow detected: Number of UI elements: 26
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
            Source: UFh7A8CImG.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
            Source: UFh7A8CImG.exeStatic file information: File size 13858920 > 1048576
            Source: UFh7A8CImG.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x2ab400
            Source: UFh7A8CImG.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x9bf400
            Source: UFh7A8CImG.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
            Source: Binary string: C:\MCU_SCM\Development\FixedFunction\CP211x\PC_Applications\InterfaceLibrary\Windows_2K_XP_S2K3_Vista\HIDtoUART\Release\SLABHIDtoUART.pdb source: UFh7A8CImG.exe, 00000000.00000003.1724610247.00000000037A6000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: d:\jenkins-slave\workspace\SLABHIDDevice\SLABHIDDevice\Release\SLABHIDDevice.pdb source: UFh7A8CImG.exe, 00000000.00000003.1724610247.00000000037A6000.00000004.00000020.00020000.00000000.sdmp
            Source: UFh7A8CImG.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
            Source: UFh7A8CImG.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
            Source: UFh7A8CImG.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
            Source: UFh7A8CImG.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
            Source: UFh7A8CImG.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

            Data Obfuscation

            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeUnpacked PE file: 8.2.MIs.exe.3070000.1.unpack
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeUnpacked PE file: 10.2.MIs.exe.3110000.1.unpack
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 8_2_6CE9223B GetModuleHandleA,LoadLibraryA,GetProcAddress,8_2_6CE9223B
            Source: initial sampleStatic PE information: section where entry point is pointing to: gf5DGXU0
            Source: VScopeResENUS.dll.0.drStatic PE information: real checksum: 0x0 should be: 0x11b093
            Source: FilesystemDialogsCOM.dll.0.drStatic PE information: real checksum: 0x118149 should be: 0x11014a
            Source: fppdes9.dll.0.drStatic PE information: real checksum: 0x0 should be: 0x66690
            Source: Vipro.dll.0.drStatic PE information: real checksum: 0x63dc3 should be: 0x61a06
            Source: VTDSP.dll.0.drStatic PE information: section name: /4
            Source: VTDSP.dll.0.drStatic PE information: section name: /19
            Source: VTDSP.dll.0.drStatic PE information: section name: /31
            Source: VTDSP.dll.0.drStatic PE information: section name: /45
            Source: VTDSP.dll.0.drStatic PE information: section name: /57
            Source: VTDSP.dll.0.drStatic PE information: section name: /70
            Source: VTDSP.dll.0.drStatic PE information: section name: /81
            Source: VTDSP.dll.0.drStatic PE information: section name: /92
            Source: FilesystemDialogsCOM.dll.0.drStatic PE information: section name: .didata
            Source: MIs.exe.0.drStatic PE information: section name: 0u
            Source: MIs.exe.0.drStatic PE information: section name: xwgWeRT
            Source: MIs.exe.0.drStatic PE information: section name: nl4l
            Source: MIs.exe.0.drStatic PE information: section name: gf5DGXU0
            Source: Vipro.dll.0.drStatic PE information: section name: 5m2xY
            Source: Vipro.dll.0.drStatic PE information: section name: Gv7z8pI
            Source: Vipro.dll.0.drStatic PE information: section name: Mo1qpM
            Source: Vipro.dll.0.drStatic PE information: section name: bLHfR2
            Source: Vipro.dll.0.drStatic PE information: section name: fXfj3
            Source: C:\Users\user\Desktop\UFh7A8CImG.exeCode function: 0_2_010CCE05 push ecx; ret 0_2_010CCE18
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 8_2_005E37A0 push eax; ret 8_2_005E37CE
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 8_2_6C97D1B1 push es; iretd 8_2_6C97D1B5
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 8_2_6C9AE161 push ecx; ret 8_2_6C9AE174
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 8_2_6C9D5FE2 push ecx; ret 8_2_6C9D5FF5
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 8_2_6C9D898E push dword ptr [ebx]; iretd 8_2_6C9D8991
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 8_2_6C9D61D6 push ecx; ret 8_2_6C9D61E9
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 8_2_6C9F135D push esi; ret 8_2_6C9F1366
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 8_2_6CF5CC74 push ecx; mov dword ptr [esp], edx8_2_6CF5CC75
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 8_2_6CF58DFC push ecx; mov dword ptr [esp], edx8_2_6CF58DFD
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 8_2_6CEE8DD0 push ecx; mov dword ptr [esp], eax8_2_6CEE8DD2
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 8_2_6CF62DBC push ecx; mov dword ptr [esp], edx8_2_6CF62DBD
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 8_2_6CF54EFC push ecx; mov dword ptr [esp], edx8_2_6CF54EFD
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 8_2_6CF5AFD0 push ecx; mov dword ptr [esp], edx8_2_6CF5AFD1
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 8_2_6CEA08DA push ecx; mov dword ptr [esp], edx8_2_6CEA08DD
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 8_2_6CEA0888 push ecx; mov dword ptr [esp], edx8_2_6CEA0889
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 8_2_6CEA0894 push ecx; mov dword ptr [esp], edx8_2_6CEA0895
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 8_2_6CEA087C push ecx; mov dword ptr [esp], edx8_2_6CEA087D
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 8_2_6CF0E9E0 push ecx; mov dword ptr [esp], edx8_2_6CF0E9E1
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 8_2_6CF0C9C4 push ecx; mov dword ptr [esp], edx8_2_6CF0C9C5
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 8_2_6CF5C9BC push ecx; mov dword ptr [esp], edx8_2_6CF5C9BD
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 8_2_6CEA0922 push ecx; mov dword ptr [esp], edx8_2_6CEA0925
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 8_2_6CEA0900 push ecx; mov dword ptr [esp], edx8_2_6CEA0901
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 8_2_6CED6900 push ecx; mov dword ptr [esp], edx8_2_6CED6901
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 8_2_6CEA0A2C push ecx; mov dword ptr [esp], edx8_2_6CEA0A2D
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 8_2_6CEA0A14 push ecx; mov dword ptr [esp], edx8_2_6CEA0A15
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 8_2_6CF5A4C0 push ecx; mov dword ptr [esp], ecx8_2_6CF5A4C4
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 10_2_6C9D5FE2 push ecx; ret 10_2_6C9D5FF5
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 10_2_6C9D898E push dword ptr [ebx]; iretd 10_2_6C9D8991
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 10_2_6C9D61D6 push ecx; ret 10_2_6C9D61E9
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 10_2_6C9F135D push esi; ret 10_2_6C9F1366
            Source: MIs.exe.0.drStatic PE information: section name: gf5DGXU0 entropy: 7.241042416436075
            Source: Vipro.dll.0.drStatic PE information: section name: 5m2xY entropy: 7.997265604569775
            Source: Vipro.dll.0.drStatic PE information: section name: fXfj3 entropy: 7.952553700537808
            Source: C:\Users\user\Desktop\UFh7A8CImG.exe File created: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\fppdes9.dll
            Source: C:\Users\user\Desktop\UFh7A8CImG.exe File created: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\Vipro.dll
            Source: C:\Users\user\Desktop\UFh7A8CImG.exe File created: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\SLABHIDtoUART.dll
            Source: C:\Users\user\Desktop\UFh7A8CImG.exe File created: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\FilesystemDialogsCOM.dll
            Source: C:\Users\user\Desktop\UFh7A8CImG.exe File created: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\VTDSP.dll
            Source: C:\Users\user\Desktop\UFh7A8CImG.exe File created: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
            Source: C:\Users\user\Desktop\UFh7A8CImG.exe File created: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\VScopeResENUS.dll
            Source: C:\Users\user\Desktop\UFh7A8CImG.exe File created: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\Lib_Help.dll
            Source: C:\Users\user\Desktop\UFh7A8CImG.exe File created: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\SLABHIDDevice.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run Advanced Vynil Studio

            Hooking and other Techniques for Hiding and Protection

            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
            Source: MIs.exe, 00000001.00000003.2112762112.000000000699A000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1771393442.0000000006107000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1776282835.0000000005B54000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1766962431.00000000055C1000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.2111575348.000000000699E000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.2112045230.0000000007C9E000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1772025546.0000000005B59000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1766487852.000000000501F000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.2111088801.0000000005B52000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1769409309.0000000005019000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1770783572.0000000005B5F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: torConnect
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 8_2_6C96BD80 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,GetProcAddress,GetProcAddress,FreeLibrary,8_2_6C96BD80
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\MSDAIPP\Provider\{C84667C0-0F23D652-790E635B-FEA6F99B} unknown
            Source: C:\Users\user\Desktop\UFh7A8CImG.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
            Source: C:\Windows\System32\conhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeRDTSC instruction interceptor: First address: 659BEF second address: 659BF5 instructions: 0x00000000 rdtsc 0x00000002 mov edi, edx 0x00000004 mov ebx, eax 0x00000006 rdtsc
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeRDTSC instruction interceptor: First address: 659BF5 second address: 659C08 instructions: 0x00000000 rdtsc 0x00000002 cmp edi, edx 0x00000004 jne 00007FF5D4D21E26h 0x00000006 sub eax, ebx 0x00000008 mov dword ptr [ebp+0050DE69h], eax 0x0000000e mov ecx, 0000000Ah 0x00000013 rdtsc
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeRDTSC instruction interceptor: First address: 659C08 second address: 659C0E instructions: 0x00000000 rdtsc 0x00000002 mov edi, edx 0x00000004 mov ebx, eax 0x00000006 rdtsc
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeRDTSC instruction interceptor: First address: 659C0E second address: 659C08 instructions: 0x00000000 rdtsc 0x00000002 cmp edi, edx 0x00000004 jne 00007FF5D4D21E26h 0x00000006 sub eax, ebx 0x00000008 cmp eax, dword ptr [ebp+0050DE69h] 0x0000000e jnle 00007FF5D4D21E38h 0x00000010 mov dword ptr [ebp+0050DE69h], eax 0x00000016 dec ecx 0x00000017 jne 00007FF5D4D21E13h 0x00000019 rdtsc
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeRDTSC instruction interceptor: First address: 659C0E second address: 659C08 instructions: 0x00000000 rdtsc 0x00000002 cmp edi, edx 0x00000004 jne 00007FF5D4D21E26h 0x00000006 sub eax, ebx 0x00000008 cmp eax, dword ptr [ebp+0050DE69h] 0x0000000e jnle 00007FF5D4D21E38h 0x00000010 dec ecx 0x00000011 jne 00007FF5D4D21E13h 0x00000013 rdtsc
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSpecial instruction interceptor: First address: 659C03 instructions caused by: Self-modifying code
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSpecial instruction interceptor: First address: 659C24 instructions caused by: Self-modifying code
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\disk\Enum name: 0
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosDate
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 8_2_6C9698C0 SetupDiGetDeviceRegistryPropertyA,SetupDiGetDeviceRegistryPropertyA,_strrchr,_strrchr,SetupDiGetDeviceRegistryPropertyA,8_2_6C9698C0
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeThread delayed: delay time: 922337203685477
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWindow / User API: threadDelayed 695
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWindow / User API: threadDelayed 727
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWindow / User API: threadDelayed 3539
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWindow / User API: threadDelayed 3260
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWindow / User API: threadDelayed 740
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5803
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 429
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWindow / User API: threadDelayed 1698
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWindow / User API: threadDelayed 776
            Source: C:\Users\user\Desktop\UFh7A8CImG.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\VScopeResENUS.dll
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeAPI coverage: 8.4 %
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe TID: 7144Thread sleep time: -34750s >= -30000s
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe TID: 3096Thread sleep time: -562000s >= -30000s
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe TID: 1352Thread sleep time: -566000s >= -30000s
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe TID: 2500Thread sleep time: -75075s >= -30000s
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe TID: 1352Thread sleep time: -7078000s >= -30000s
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe TID: 3096Thread sleep time: -6520000s >= -30000s
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe TID: 7112Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe TID: 7116Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe TID: 4412Thread sleep count: 740 > 30
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6860Thread sleep count: 5803 > 30
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6072Thread sleep time: -2767011611056431s >= -30000s
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6872Thread sleep count: 429 > 30
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6964Thread sleep time: -2767011611056431s >= -30000s
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe TID: 5888Thread sleep count: 1698 > 30
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe TID: 5888Thread sleep time: -84900s >= -30000s
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe TID: 5888Thread sleep count: 776 > 30
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeLast function: Thread delayed
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 8_2_6CE9E6FC FindFirstFileW,FindClose,8_2_6CE9E6FC
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 8_2_6CF6DA64 GetLongPathNameW,GetLongPathNameW,FindFirstFileW,FindClose,8_2_6CF6DA64
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 10_2_6CE9E6FC FindFirstFileW,FindClose,10_2_6CE9E6FC
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 10_2_6CF6DA64 GetLongPathNameW,GetLongPathNameW,FindFirstFileW,FindClose,10_2_6CF6DA64
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 10_2_6CE9E118 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,10_2_6CE9E118
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 8_2_6CEA0508 GetSystemInfo,8_2_6CEA0508
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeThread delayed: delay time: 75075
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeFile opened: C:\Users\user\AppData\Roaming
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeFile opened: C:\Users\user
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeFile opened: C:\Users\user\AppData
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
            Source: MIs.exeBinary or memory string: VMware
            Source: MIs.exe, 00000001.00000003.1729733699.00000000008D1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
            Source: MIs.exeBinary or memory string: VMWARE
            Source: UFh7A8CImG.exe, 00000000.00000002.1728596141.0000000000AB4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}y
            Source: MIs.exe, 00000001.00000003.1730909053.00000000008BE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: #cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
            Source: MIs.exe, 00000001.00000003.1729733699.00000000008D1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
            Source: MIs.exe, 00000001.00000003.1729455289.00000000008C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 000War&Prod_VMware_
            Source: UFh7A8CImG.exe, 00000000.00000003.1697276774.0000000000AB4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
            Source: MIs.exe, 00000001.00000003.1729733699.00000000008D1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeAPI call chain: ExitProcess graph end nodegraph_8-85436
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeAPI call chain: ExitProcess graph end nodegraph_10-65583
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeSystem information queried: ModuleInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformation
            Source: C:\Users\user\Desktop\UFh7A8CImG.exeCode function: 0_2_010D8158 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_010D8158
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 8_2_6CE9223B GetModuleHandleA,LoadLibraryA,GetProcAddress,8_2_6CE9223B
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 8_2_6C9E1B3F mov eax, dword ptr fs:[00000030h]8_2_6C9E1B3F
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 10_2_6C9E1B3F mov eax, dword ptr fs:[00000030h]10_2_6C9E1B3F
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 8_2_6C9ADEC0 TlsGetValue,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,TlsSetValue,GetProcessHeap,HeapFree,8_2_6C9ADEC0
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeProcess token adjusted: Debug
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
            Source: C:\Users\user\Desktop\UFh7A8CImG.exeCode function: 0_2_010CC46F SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_010CC46F
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 8_2_6C991CD1 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_6C991CD1
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 8_2_6C98EBC8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,8_2_6C98EBC8
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 8_2_6C98F1D2 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_6C98F1D2
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 8_2_6C9D581B SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,8_2_6C9D581B
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 8_2_6C9DA1DF IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_6C9DA1DF
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 8_2_6C9D63FF IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_6C9D63FF
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 10_2_6C9D581B SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,10_2_6C9D581B
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 10_2_6C9DA1DF IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,10_2_6C9DA1DF
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 10_2_6C9D63FF IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,10_2_6C9D63FF

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe"
            Source: C:\Users\user\Desktop\UFh7A8CImG.exeProcess created: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe "C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe"
            Source: MIs.exe, 00000001.00000003.2112762112.000000000699A000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1771393442.0000000006107000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1776282835.0000000005B54000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Shell_TrayWndTrayNotifyWndSysPagerToolbarWindow32U
            Source: MIs.exe, 00000001.00000003.2112762112.000000000699A000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1771393442.0000000006107000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1776282835.0000000005B54000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: explorer.exeShell_TrayWnd
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 8_2_6C9D6258 cpuid 8_2_6C9D6258
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: GetUserDefaultUILanguage,GetLocaleInfoW,8_2_6CE9E850
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: GetUserDefaultUILanguage,GetLocaleInfoW,10_2_6CE9E850
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: EnumSystemLocalesW,10_2_6CEBC04C
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,10_2_6CE9DCB4
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: GetLocaleInfoW,10_2_6CEBBE48
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: GetLocaleInfoW,10_2_6CEB71D8
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: GetLocaleInfoW,10_2_6CEB718C
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 8_2_6C9698C0 SetupDiGetDeviceRegistryPropertyA,SetupDiGetDeviceRegistryPropertyA,_strrchr,_strrchr,SetupDiGetDeviceRegistryPropertyA,8_2_6C9698C0
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
            Source: C:\Users\user\Desktop\UFh7A8CImG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\TMP6AC3.tmp VolumeInformation
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeQueries volume information: C:\ VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
            Source: C:\Users\user\Desktop\UFh7A8CImG.exeCode function: 0_2_010CCE82 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_010CCE82
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 8_2_6C9A0E65 GetTimeZoneInformation,8_2_6C9A0E65
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeCode function: 8_2_6C966780 GetVersionExA,GetVersionExA,GetVersionExA,VerSetConditionMask,VerifyVersionInfoA,VerifyVersionInfoA,VerSetConditionMask,VerifyVersionInfoA,GetCurrentProcess,IsWow64Process,8_2_6C966780
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information

            Source: Yara matchFile source: Process Memory Space: MIs.exe PID: 7028, type: MEMORYSTR
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exeFile opened: C:\Users\user\AppData\Roaming\Miranda\
            Source: Yara matchFile source: 00000001.00000003.1771393442.0000000006107000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000003.1766962431.00000000055C1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.2753770406.0000000004F46000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.4163904835.000000000547F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000003.1776282835.0000000005B54000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000003.2112045230.0000000007C9E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000003.2111575348.000000000699E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000003.1772025546.0000000005B59000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.4163433694.0000000004ED6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000002.4163859568.00000000054E8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000003.2672511181.0000000005485000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000003.2675930453.0000000005476000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000003.1766487852.000000000501F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.2757410780.0000000004F43000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: Process Memory Space: MIs.exe PID: 7028, type: MEMORYSTR

            Remote Access Functionality

            Source: Yara match File source: Process Memory Space: MIs.exe PID: 7028, type: MEMORYSTR
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe Code function: 8_2_6C9D230C __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ,8_2_6C9D230C
            Source: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe Code function: 10_2_6C9D230C __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ,10_2_6C9D230C
            Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology
            Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising
            Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
            Execution: 11 Windows Management Instrumentation; 1 Native API; 2 Command and Scripting Interpreter; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter
            Persistence: 1 DLL Side-Loading; 1 Registry Run Keys / Startup Folder; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
            Privilege Escalation: 1 DLL Side-Loading; 12 Process Injection; 1 Registry Run Keys / Startup Folder; Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
            Defense Evasion: 1 Disable or Modify Tools; 1 Deobfuscate/Decode Files or Information; 3 Obfuscated Files or Information; 12 Software Packing; 1 DLL Side-Loading; 1 Masquerading; 1 Modify Registry; 141 Virtualization/Sandbox Evasion; 12 Process Injection
            Credential Access: 1 OS Credential Dumping; 1 Credentials in Registry; 1 Credentials In Files; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
            Discovery: 2 System Time Discovery; 3 File and Directory Discovery; 288 System Information Discovery; 1 Query Registry; 441 Security Software Discovery; 2 Process Discovery; 141 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 1 System Owner/User Discovery
            Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections
            Collection: 1 Archive Collected Data; 1 Data from Local System; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
            Command and Control: 12 Encrypted Channel; 1 Multi-hop Proxy; 1 Application Layer Protocol; 1 Proxy; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
            Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
            Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement
            [Behavior graph: Behavior Graph ID: 1573190; Sample: UFh7A8CImG.exe; Startdate: 11/12/2024; Architecture: WINDOWS; Score: 100. Process chain shown: UFh7A8CImG.exe started MIs.exe, which started cmd.exe, which started powershell.exe and conhost.exe.]

            Source | Detection | Scanner | Label
            UFh7A8CImG.exe | 53% | ReversingLabs | Win32.Trojan.Danabot
            UFh7A8CImG.exe | 100% | Avira | DR/AVI.Agent.mulmd

            Source | Detection | Scanner | Label
            C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\Lib_Help.dll | 100% | Avira | TR/Dldr.Rugmi.zfkkg
            C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\Vipro.dll | 100% | Joe Sandbox ML |
            C:\Users\user\AppData\Local\Temp\TMP6AC3.tmp | 100% | Joe Sandbox ML |
            C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\FilesystemDialogsCOM.dll | 0% | ReversingLabs |
            C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\Lib_Help.dll | 62% | ReversingLabs | Win32.Trojan.Dacic
            C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe | 3% | ReversingLabs |
            C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\SLABHIDDevice.dll | 0% | ReversingLabs |
            C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\SLABHIDtoUART.dll | 0% | ReversingLabs |
            C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\VScopeResENUS.dll | 0% | ReversingLabs |
            C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\VTDSP.dll | 0% | ReversingLabs |
            C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\Vipro.dll | 5% | ReversingLabs |
            C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\fppdes9.dll | 3% | ReversingLabs |

            No Antivirus matches
            No Antivirus matches

            Source | Detection | Scanner | Label
            http://www.virtins.com/-Manual-ZHCHS.pdfhttp://www.multi-tech.cn/.pdf.chm-ZHCHS-ManualHardwareManual | 0% | Avira URL Cloud | safe
            https://www.multi-tech.cn/applications.shtml | 0% | Avira URL Cloud | safe
            http://www.virtins.com | 0% | Avira URL Cloud | safe
            http://www.multi-tech.cn/MIsetup.exe | 0% | Avira URL Cloud | safe
            https://www.virtins.com/activate.html | 0% | Avira URL Cloud | safe
            http://www.virtins.com/MIsetup.exe | 0% | Avira URL Cloud | safe
            https://www.virtins.com/multi-instrument.html | 0% | Avira URL Cloud | safe
            https://www.rme-audio.de/downloads/adi24pro_e.pdfhttps://www.rme-audio.de/downloads/adi2profs_e.pdfR | 0% | Avira URL Cloud | safe
            http://www.virtins.com/ | 0% | Avira URL Cloud | safe
            http://ocsp.digicer8 | 0% | Avira URL Cloud | safe
            https://www.virtins.com/applications.html | 0% | Avira URL Cloud | safe
            https://www.virtins.com/applications.htmlhttps://www.multi-tech.cn/applications.shtmlApplicationSumm | 0% | Avira URL Cloud | safe
            http://www.multi-tech.cn/ | 0% | Avira URL Cloud | safe
            http://www.virtins.com/MIsetup.exehttp://www.multi-tech.cn/MIsetup.exeUpdate | 0% | Avira URL Cloud | safe
            https://www.rme-audio.de/downloads/adi24pro_e.pdf | 0% | Avira URL Cloud | safe
            https://www.rme-audio.de/downloads/adi2profs_e.pdf | 0% | Avira URL Cloud | safe
            https://inivation.gitlab.io/dv/dv-docs/docs/update-firmware/ | 0% | Avira URL Cloud | safe
            No contacted domains info
            Name | Source | Malicious | Antivirus Detection | Reputation
            http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0 | UFh7A8CImG.exe, 00000000.00000003.1724610247.0000000003406000.00000004.00000020.00020000.00000000.sdmp | false | | high
            http://html4/loose.dtd | MIs.exe, 00000001.00000003.2112762112.000000000699A000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1771393442.0000000006107000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1776282835.0000000005B54000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1766962431.00000000055C1000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.2111575348.000000000699E000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.2112045230.0000000007C9E000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1772025546.0000000005B59000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1766487852.000000000501F000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.2111088801.0000000005B52000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1769409309.0000000005019000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1770783572.0000000005B5F000.00000004.00000020.00020000.00000000.sdmp | false | | high
            http://www.virtins.com/-Manual-ZHCHS.pdfhttp://www.multi-tech.cn/.pdf.chm-ZHCHS-ManualHardwareManual | UFh7A8CImG.exe, 00000000.00000003.1724610247.0000000003406000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000000.1727952365.0000000000600000.00000008.00000001.01000000.00000005.sdmp | false | Avira URL Cloud: safe | unknown
            https://sectigo.com/CPS0 | UFh7A8CImG.exe, 00000000.00000003.1724610247.0000000003406000.00000004.00000020.00020000.00000000.sdmp | false | | high
            https://www.multi-tech.cn/applications.shtml | MIs.exe | false | Avira URL Cloud: safe | unknown
            http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0# | UFh7A8CImG.exe, 00000000.00000003.1724610247.0000000003406000.00000004.00000020.00020000.00000000.sdmp | false | | high
            http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0 | UFh7A8CImG.exe, 00000000.00000003.1724610247.0000000003406000.00000004.00000020.00020000.00000000.sdmp | false | | high
            http://ocsp.sectigo.com0 | UFh7A8CImG.exe, 00000000.00000003.1724610247.0000000003406000.00000004.00000020.00020000.00000000.sdmp | false | | high
            https://www.rme-audio.de/downloads/adi24pro_e.pdfhttps://www.rme-audio.de/downloads/adi2profs_e.pdfR | UFh7A8CImG.exe, 00000000.00000003.1724610247.0000000003406000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000000.1727952365.0000000000600000.00000008.00000001.01000000.00000005.sdmp | false | Avira URL Cloud: safe | unknown
            http://www.openssl.org/V | MIs.exe, 00000001.00000003.2117562696.000000007FAF0000.00000004.00001000.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.2116981899.000000007EBA0000.00000004.00001000.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.2116225229.000000007E700000.00000004.00001000.00020000.00000000.sdmp | false | | high
            http://www.virtins.com/ | MIs.exe | false | Avira URL Cloud: safe | unknown
            http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0# | UFh7A8CImG.exe, 00000000.00000003.1724610247.0000000003406000.00000004.00000020.00020000.00000000.sdmp | false | | high
            http://www.virtins.com | UFh7A8CImG.exe, 00000000.00000003.1724610247.000000000392C000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
            http://www.multi-tech.cn/MIsetup.exe | MIs.exe | false | Avira URL Cloud: safe | unknown
            http://www.virtins.com/MIsetup.exe | MIs.exe | false | Avira URL Cloud: safe | unknown
            https://www.virtins.com/activate.html | MIs.exe | false | Avira URL Cloud: safe | unknown
            https://www.virtins.com/multi-instrument.html | MIs.exe | false | Avira URL Cloud: safe | unknown
            http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0# | UFh7A8CImG.exe, 00000000.00000003.1724610247.0000000003406000.00000004.00000020.00020000.00000000.sdmp | false | | high
            https://www.virtins.com/applications.htmlhttps://www.multi-tech.cn/applications.shtmlApplicationSumm | UFh7A8CImG.exe, 00000000.00000003.1724610247.0000000003406000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000000.1727952365.0000000000600000.00000008.00000001.01000000.00000005.sdmp | false | Avira URL Cloud: safe | unknown
            http://.css | MIs.exe, 00000001.00000003.2112762112.000000000699A000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1771393442.0000000006107000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1776282835.0000000005B54000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1766962431.00000000055C1000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.2111575348.000000000699E000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.2112045230.0000000007C9E000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1772025546.0000000005B59000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1766487852.000000000501F000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.2111088801.0000000005B52000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1769409309.0000000005019000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1770783572.0000000005B5F000.00000004.00000020.00020000.00000000.sdmp | false | | high
            http://www.openssl.org/support/faq.html | MIs.exe, 00000001.00000003.2116225229.000000007E700000.00000004.00001000.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.2114493173.000000007ECF0000.00000004.00001000.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.2115522722.000000007ED70000.00000004.00001000.00020000.00000000.sdmp | false | | high
            http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0 | UFh7A8CImG.exe, 00000000.00000003.1724610247.0000000003406000.00000004.00000020.00020000.00000000.sdmp | false | | high
            http://www.openssl.org/support/faq.htmlRAND | MIs.exe, 00000001.00000003.2116225229.000000007E700000.00000004.00001000.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.2114493173.000000007ECF0000.00000004.00001000.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.2115522722.000000007ED70000.00000004.00001000.00020000.00000000.sdmp | false | | high
            https://www.virtins.com/applications.html | MIs.exe | false | Avira URL Cloud: safe | unknown
            http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z | UFh7A8CImG.exe, 00000000.00000003.1724610247.0000000003406000.00000004.00000020.00020000.00000000.sdmp | false | | high
            http://ocsp.digicer8 | UFh7A8CImG.exe, 00000000.00000002.1730018002.00000000032F0000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
            http://www.virtins.com/MIsetup.exehttp://www.multi-tech.cn/MIsetup.exeUpdate | UFh7A8CImG.exe, 00000000.00000003.1724610247.0000000003406000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000000.1727952365.0000000000600000.00000008.00000001.01000000.00000005.sdmp | false | Avira URL Cloud: safe | unknown
            http://www.multi-tech.cn/ | MIs.exe | false | Avira URL Cloud: safe | unknown
            http://.jpg | MIs.exe, 00000001.00000003.2112762112.000000000699A000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1771393442.0000000006107000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1776282835.0000000005B54000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1766962431.00000000055C1000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.2111575348.000000000699E000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.2112045230.0000000007C9E000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1772025546.0000000005B59000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1766487852.000000000501F000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.2111088801.0000000005B52000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1769409309.0000000005019000.00000004.00000020.00020000.00000000.sdmp, MIs.exe, 00000001.00000003.1770783572.0000000005B5F000.00000004.00000020.00020000.00000000.sdmp | false | | high
            https://inivation.gitlab.io/dv/dv-docs/docs/update-firmware/ | MIs.exe | false | Avira URL Cloud: safe | unknown
            https://www.rme-audio.de/downloads/adi2profs_e.pdf | MIs.exe | false | Avira URL Cloud: safe | unknown
            https://www.rme-audio.de/downloads/adi24pro_e.pdf | MIs.exe | false | Avira URL Cloud: safe | unknown
            http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0# | UFh7A8CImG.exe, 00000000.00000003.1724610247.0000000003406000.00000004.00000020.00020000.00000000.sdmp | false | | high
                                            IP | Domain | Country | ASN | ASN Name | Malicious
                                            8.8.8.8 | unknown | United States | 15169 | GOOGLEUS | false
                                            89.116.191.177 | unknown | Lithuania | 15419 | LRTC-ASLT | true
                                            77.221.149.84 | unknown | Russian Federation | 30968 | INFOBOX-ASInfoboxruAutonomousSystemRU | true
                                            213.210.13.4 | unknown | United Kingdom | 8851 | EDGEtaGCIComGB | true
                                            193.188.22.40 | unknown | Russian Federation | 49558 | LIVECOMM-ASRespublikanskayastr3k6RU | true
                                            Joe Sandbox version: 41.0.0 Charoite
                                            Analysis ID: 1573190
                                            Start date and time: 2024-12-11 16:18:11 +01:00
                                            Joe Sandbox product: CloudBasic
                                            Overall analysis duration: 0h 12m 42s
                                            Hypervisor based Inspection enabled: false
                                            Report type: full
                                            Cookbook file name: default.jbs
                                            Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                            Number of analysed new started processes analysed: 11
                                            Number of new started drivers analysed: 0
                                            Number of existing processes analysed: 0
                                            Number of existing drivers analysed: 0
                                            Number of injected processes analysed: 0
                                            Technologies:
                                            • HCA enabled
                                            • EGA enabled
                                            • AMSI enabled
                                            Analysis Mode: default
                                            Analysis stop reason: Timeout
                                            Sample name: UFh7A8CImG.exe (renamed because original name is a hash value)
                                            Original Sample Name: 807cf9e5e22a71ca4bf1e31e955c1e2dfc80f1d38decf8b52857c29aadf04b90.exe
                                            Detection: MAL
                                            Classification: mal100.phis.troj.spyw.evad.winEXE@10/299@0/5
                                            EGA Information:
                                            • Successful, ratio: 100%
                                            HCA Information:
                                            • Successful, ratio: 60%
                                            • Number of executed functions: 108
                                            • Number of non-executed functions: 241
                                            Cookbook Comments:
                                            • Found application associated with file extension: .exe
                                            • Override analysis time to 240000 for current running targets taking high CPU consumption
                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                            • Excluded IPs from analysis (whitelisted): 20.109.210.53, 13.107.246.63
                                            • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                            • Not all processes were analyzed, report is missing behavior information
                                            • Report creation exceeded maximum time and may have missing disassembly code information.
                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                            • Report size exceeded maximum capacity and may have missing disassembly code.
                                            • Report size getting too big, too many NtCreateFile calls found.
                                            • Report size getting too big, too many NtCreateKey calls found.
                                            • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                            • Report size getting too big, too many NtEnumerateKey calls found.
                                            • Report size getting too big, too many NtEnumerateValueKey calls found.
                                            • Report size getting too big, too many NtOpenFile calls found.
                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                            • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                            • Report size getting too big, too many NtReadFile calls found.
                                            • Report size getting too big, too many NtSetInformationFile calls found.
                                            • VT rate limit hit for: UFh7A8CImG.exe
                                            Time | Type | Description
                                            10:19:07 | API Interceptor | 7698224x Sleep call for process: MIs.exe modified
                                            10:20:37 | API Interceptor | 9x Sleep call for process: powershell.exe modified
                                            15:20:36 | Task Scheduler | Run new task: Advanced Vynil Studio Suite path: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                            15:20:38 | Autostart | Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Advanced Vynil Studio C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                            Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                            89.116.191.177 | nSORtPkIOR.msi | Get hash | malicious | DanaBot | Browse |
                                             | cloudflare.msi | Get hash | malicious | DanaBot | Browse |
                                             | zDcNyG6Csn.exe | Get hash | malicious | DanaBot | Browse |
                                            77.221.149.84 | zDcNyG6Csn.exe | Get hash | malicious | DanaBot | Browse |
                                            213.210.13.4 | nSORtPkIOR.msi | Get hash | malicious | DanaBot | Browse |
                                             | cloudflare.msi | Get hash | malicious | DanaBot | Browse |
                                             | zDcNyG6Csn.exe | Get hash | malicious | DanaBot | Browse |
                                            193.188.22.40 | nSORtPkIOR.msi | Get hash | malicious | DanaBot | Browse |
                                             | cloudflare.msi | Get hash | malicious | DanaBot | Browse |
                                             | zDcNyG6Csn.exe | Get hash | malicious | DanaBot | Browse |
                                                                No context
                                                                Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                INFOBOX-ASInfoboxruAutonomousSystemRU | zDcNyG6Csn.exe | Get hash | malicious | DanaBot | Browse | 77.221.149.84
                                                                 | file.exe | Get hash | malicious | PureCrypter | Browse | 109.120.137.89
                                                                 | file.exe | Get hash | malicious | PureCrypter | Browse | 109.120.137.89
                                                                 | USD470900_COPY_800BLHSBC882001_NOV202024.PDF.exe | Get hash | malicious | Remcos, DBatLoader | Browse | 77.221.149.38
                                                                 | USD470900_COPY_800BLHSBC882001.PDF.bat | Get hash | malicious | Remcos, DBatLoader | Browse | 77.221.149.38
                                                                 | YDW0S5K7hi.exe | Get hash | malicious | SilverRat | Browse | 109.120.138.54
                                                                 | cDRgXaadjD.exe | Get hash | malicious | SilverRat | Browse | 109.120.138.220
                                                                 | botnet.x86.elf | Get hash | malicious | Mirai, Moobot | Browse | 92.243.83.22
                                                                 | boatnet.arm.elf | Get hash | malicious | Mirai | Browse | 77.221.151.63
                                                                 | boatnet.mips.elf | Get hash | malicious | Mirai | Browse | 77.221.151.63
                                                                LRTC-ASLT | nSORtPkIOR.msi | Get hash | malicious | DanaBot | Browse | 89.116.191.177
                                                                 | cloudflare.msi | Get hash | malicious | DanaBot | Browse | 89.116.191.177
                                                                 | zDcNyG6Csn.exe | Get hash | malicious | DanaBot | Browse | 89.116.191.177
                                                                 | jew.arm7.elf | Get hash | malicious | Mirai | Browse | 89.117.100.57
                                                                 | ET5.exe | Get hash | malicious | Unknown | Browse | 89.117.55.228
                                                                 | b1.exe | Get hash | malicious | PureCrypter, MicroClip | Browse | 89.117.79.31
                                                                 | b1.exe | Get hash | malicious | PureCrypter, MicroClip | Browse | 89.117.79.31
                                                                 | mipsel.elf | Get hash | malicious | Unknown | Browse | 84.46.252.91
                                                                 | aeI0ukq9TD.exe | Get hash | malicious | Unknown | Browse | 89.117.72.231
                                                                 | 0ylPF4c3eF.exe | Get hash | malicious | Unknown | Browse | 89.117.72.231
                                                                EDGEtaGCIComGB | nSORtPkIOR.msi | Get hash | malicious | DanaBot | Browse | 213.210.13.4
                                                                 | cloudflare.msi | Get hash | malicious | DanaBot | Browse | 213.210.13.4
                                                                 | zDcNyG6Csn.exe | Get hash | malicious | DanaBot | Browse | 213.210.13.4
                                                                 | Support.Client (1).exe | Get hash | malicious | ScreenConnect Tool | Browse | 185.49.126.73
                                                                 | Support.Client (1).exe | Get hash | malicious | ScreenConnect Tool | Browse | 185.49.126.73
                                                                 | la.bot.m68k.elf | Get hash | malicious | Unknown | Browse | 213.210.9.89
                                                                 | la.bot.powerpc.elf | Get hash | malicious | Unknown | Browse | 77.107.70.202
                                                                 | fvIqrxcfuL.exe | Get hash | malicious | Quasar | Browse | 89.213.56.109
                                                                 | la.bot.mipsel.elf | Get hash | malicious | Unknown | Browse | 89.213.146.12
                                                                 | arm7.elf | Get hash | malicious | Unknown | Browse | 77.107.120.22
                                                                No context
                                                                Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\FilesystemDialogsCOM.dll | CEjWMdiJnR.exe | Get hash | malicious | DanaBot | Browse |
                                                                 | CEjWMdiJnR.exe | Get hash | malicious | DanaBot | Browse |
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:modified
                                                                    Size (bytes):3154
                                                                    Entropy (8bit):7.931021379081338
                                                                    Encrypted:false
                                                                    SSDEEP:48:e3Z8J5iQbyr1sOBWePdJqH2XnfloAicUSHG9SegFyPNqC0p94/kL6W72r2AT0yo9:9e1sOB3P7qcntHG/KyPgB7f72/ro+gow
                                                                    MD5:941BBC7003D311E89BE3EE437B5A8BC9
                                                                    SHA1:482B17B3831EDB69BF8AFC2C66D180B66F129712
                                                                    SHA-256:FD0F59E8753D652CAD387FA3197F5F202DD35F1735F5C2B97689BB77A3136980
                                                                    SHA-512:3C99EA6A2A0CE9453AFD8656B38F2F774D2F874B7648017CD55A249F93C20159CB5835568CDAA530008330EAE10E622B3C9C9A34363AEF7F21B51C98FD03B7A5
                                                                    Malicious:false
                                                                    Reputation:low
                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):1168
                                                                    Entropy (8bit):5.3589204150755565
                                                                    Encrypted:false
                                                                    SSDEEP:24:3GMytZWSKco4KmZjKMs4RPT6BmFoUebIl+mZ9t7J0gt/NKqHr+t:5yjWSU4xc4RQmFoUeU+mZ9tK8NPHA
                                                                    MD5:505F1F9E1A1621F82813F943C3530EC4
                                                                    SHA1:29BDD7B01CF597F5BCCC9D117D51DD4FBC2A8C88
                                                                    SHA-256:74ACF31D9405DA2FA4321A3334A20F652E70850816655F3DF5D3E4D00E786E6D
                                                                    SHA-512:09A71A0ED000D7DC2F39146944DA56F14B4A78FDBCE907E7340556E3B3C41C7FC6B0E3050AB1D7C0DD5C70FDDA9334F4FE2D8E956807BA0EF0DF739B6662444B
                                                                    Malicious:false
                                                                    Reputation:low
                                                                    Preview:@...e.................................^..............@..........P................1]...E...........(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...|...........System.ConfigurationL.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices4.................%...K... ...........System.Xml..8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.H................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):5855633
                                                                    Entropy (8bit):7.999533643530907
                                                                    Encrypted:true
                                                                    SSDEEP:98304:Ces1v06NlQ2+cO2AI/7e7eoVWn40iCXamJJOgvOBhUrB9O6bFxJvd412zRst:CX1vrlQ2+cOjI/qW40iRmJVvqhSfxDRw
                                                                    MD5:3F84C9AEBFA0B3FE8FBF59B2E18D5C23
                                                                    SHA1:A530785B6C68A62A99564D257DD40C8B9CF2B9DF
                                                                    SHA-256:9101D5A84E1FCB9F420415203163D18B606A8A2898B949B7142D8EDD95F7D1EE
                                                                    SHA-512:4963E3C1C9936827A6D23D50D96FC4E082720EDCF536660B60D9EAC8DFACD0F9026429A0FE4E3F83A3414313CB9254880910A1CF1B9807DC403D9120D5B09D70
                                                                    Malicious:false
                                                                    Reputation:low
                                                                    Process:C:\Users\user\Desktop\UFh7A8CImG.exe
                                                                    File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 24 bit, mono 48000 Hz
                                                                    Category:dropped
                                                                    Size (bytes):4195262
                                                                    Entropy (8bit):7.249466766230358
                                                                    Encrypted:false
                                                                    SSDEEP:98304:C+tnH7vtUwqso6cDuUb/3ndfi+LZ4Vk1TW6NWvkMxwnyfen0VPBDXp:t71UwqrFLdqO4VyTWv14yfen0V51
                                                                    MD5:95E3154C940F03D5E1172226D0AE8F08
                                                                    SHA1:5AE2A75567E74BC0FE0ACF8970B87F8ABD297703
                                                                    SHA-256:ECFF5A35AA8A50F8C83496AB624560080F7EF5DCCF3B718B2653BA5BBE261FAF
                                                                    SHA-512:3DEA51BC1608AD5872D8C324F3611861846F44D7D9886E5CB35E4A4B45907E6CF8A08DDD24433FCAB2E99623294AD8CEDA76B519E5E4BAE105987E28F3B9112B
                                                                    Malicious:false
                                                                    Reputation:low
                                                                    Process:C:\Users\user\Desktop\UFh7A8CImG.exe
                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):1082184
                                                                    Entropy (8bit):6.651671452170415
                                                                    Encrypted:false
                                                                    SSDEEP:24576:nS279Ys6S4h+GqUWvBo9UNmctt1hLAx73:xZJZo92mctt1h+
                                                                    MD5:B3D2F2C1B613083271E85148E8C0DF5B
                                                                    SHA1:77D24CEF6C2B2118DCADE8E6E5145599BA96F9CF
                                                                    SHA-256:BB841E22FF485EA6F79808A554BAA8FB13F8971A4549F09BC6665EFA19115F37
                                                                    SHA-512:D0CA04A63FE75F2FADDB3E4AAEB7969A817157568112AF2F152AA88BBC99EC5607F76B75CE4B4104A1CD1FD5A8A3CF8240031DB427D83BDBC993AE88F99815A9
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Joe Sandbox View:
                                                                    • Filename: CEjWMdiJnR.exe, Detection: malicious, Browse
                                                                    • Filename: CEjWMdiJnR.exe, Detection: malicious, Browse
                                                                    Reputation:low
                                                                    Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......f...........!.....R...........n.......p....@.......................... ......I.....@..........................P.......0...........P...........T..H/...p...S...................................................2..<....@..f....................text....A.......B.................. ....itext.......`.......F.............. ..`.data....@...p...B...V..............@....bss.....i...............................idata.......0......................@....didata.f....@......................@....edata.......P......................@..@.rdata..E....`......................@..@.reloc...S...p...T..................@..B.rsrc....P.......P..................@..@............. .......T..............@..@........................................................
                                                                    Process:C:\Users\user\Desktop\UFh7A8CImG.exe
                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):450056
                                                                    Entropy (8bit):6.823001455705953
                                                                    Encrypted:false
                                                                    SSDEEP:6144:kqZxsC6NGW2BhVdkPHkEFShuiFVhDz88w/fZmGxVEJJcg3D7f44ywAOcVGatlq4:35tjBrdBEQJFw/Rmyi0ajrveIa64
                                                                    MD5:7E3C43613057E96AB7FF7EDE8D995412
                                                                    SHA1:5A04EFFE29C3072102E2AF73747DE9653E38DDB8
                                                                    SHA-256:3AFE475398B0EDD6A59185008A615A77ED16C1AF49277E1A9754A5B67D032579
                                                                    SHA-512:BD4C7D1F142CE8948C52BBB0DCF352DC4F73C207F6AFE1B0F220ACDBEDDC5B168C0366DABCD254D41B5A10BE176C0B60EF9A846F6787BBDF0C506D5E33DD998A
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: Avira, Detection: 100%
                                                                    • Antivirus: ReversingLabs, Detection: 62%
                                                                    Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......7L..s-..s-..s-..8U.a-..8U..-..8U.k-.....d-.....c-.....U-..`..r-..e..}-.....q-..8U..t-..s-...-..e...-..e...r-..e.?.r-..e..r-..Richs-..................PE..L......f...........!...(.............................................................=....@......................... `.......i..P....... ................*.......>...H..8....................I.......G..@............................................text............................... ..`.rdata..ft.......v..................@..@.data...p ...........\..............@....rsrc... ............l..............@..@.reloc...>.......@...t..............@..B........................................................................................................................................................................................................................................................................
                                                                    Process:C:\Users\user\Desktop\UFh7A8CImG.exe
                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):2607448
                                                                    Entropy (8bit):6.522909241974932
                                                                    Encrypted:false
                                                                    SSDEEP:24576:igvMeNRMMfQTN3gzkRGzrQlmF03WhY0Bohn7jmckZC0LuWGfxpLtioJo9DS1ga+g:SzkdzOmF017yCau/xbilE1g+f2S
                                                                    MD5:5B219E412528752277F1118513D99D43
                                                                    SHA1:374FF5DE005C184E3451ADDDF88F01541ECB9AEE
                                                                    SHA-256:4EAC38DEDFD343F942AE6D56C36D0EF2CBE3E3F34C666F4946FB45C6F6ACB155
                                                                    SHA-512:A4F27D0531D64A7C21DD6488F1C2832CD1BEBA69A226E6DFC4C9000CFC66C95A6BB9849DFE195240816135746157F88A79469D4AB451AA906A89998359F7D367
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 3%
                                                                    Preview:MZ......................@.................!v.0..............(...........!..L.!This program cannot be run in DOS mode....$.........u.....................{.......................M........+`......p............................................................@.......Rich............................PE..L......f.....................P.......P%....... ...@..........................p(.....x.'.......................................'......p$...............'.X)....'.....................................................................................0u.................................. ...xwgWeRT....... ....... .............@...nl4l.........".......".............@...gf5DGXU0.....p$.......#.............`...........................................................................................................................................................................................................................................................................................................
                                                                    Process:C:\Users\user\Desktop\UFh7A8CImG.exe
                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):88064
                                                                    Entropy (8bit):5.798941113099633
                                                                    Encrypted:false
                                                                    SSDEEP:1536:mI9dWjD8aSGAb9BkEwrJcbWyoMBc+s+vCrHQ6iP:n6jLoboHVAqtICrHQDP
                                                                    MD5:80FC6527A2E58A1D60E55458B5D8A2CC
                                                                    SHA1:19846C26374529E10CDA2497807ADF9F30FBF408
                                                                    SHA-256:DD12D8B9518ECEDDB24D90F84C17B12A4114250C910543DEFBF8F54117DDC775
                                                                    SHA-512:32391AF422810FC4E649646FBA9CA644B037D2C037DF63C37CEA545E19B2A63A85D89E935FCDAD923D7675945FE25241D0800FC84390F3B01E28C72ED9CB2B62
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........j...K..K..K.,.K..K.,.K...K.,.K...K..K..K...K..K..K...K.,.K..K.,.K..K.,.K..K.,.K..KRich..K........................PE..L....z.P...........!................{D....................................................@.........................@...*...t...P....@...@......................4...................................h...@...............t............................text...)........................... ..`.rdata..j7.......8..................@..@.data...@-..........................@....rsrc....@...@...B..................@..@.reloc...............@..............@..B........................................................................................................................................................................................................................................................................................................
                                                                    Process:C:\Users\user\Desktop\UFh7A8CImG.exe
                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):57856
                                                                    Entropy (8bit):6.070513718411458
                                                                    Encrypted:false
                                                                    SSDEEP:768:Fe+kFu/nY1XfnjjVntzhH8nQkksE1EDJnz+5hAClpt/SRqjfL:FLnOvD1cQkPfz+Zt/ScjfL
                                                                    MD5:7F50DD51ED4163564698C5B4C5AEFB04
                                                                    SHA1:0E6719426F0E310F006FA51EC9A06DE5EE5AE843
                                                                    SHA-256:4118698C1F6269E468839D20259C7572FF959A766713BC0D0E9A193C870A0BEE
                                                                    SHA-512:ADFD218A9217948F0398AACE4C50C9278437CBA7F2F247192E67592D8C80F614A58F0D490F5E28347207ABDC7879A7942AE08A0C0D9E18D75E795849BE5DE3C5
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Process:C:\Users\user\Desktop\UFh7A8CImG.exe
                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):1142784
                                                                    Entropy (8bit):5.858699241259881
                                                                    Encrypted:false
                                                                    SSDEEP:6144:ip93fvV2dck7CTvBmKNWZMc1cas1PS8Evk:C93fvwcyCToZb
                                                                    MD5:EE92CF2833B90659A437EBD12134D1A1
                                                                    SHA1:51AA0DFFF0B7D9FC5AE02EFEFDF073FA2A9AB017
                                                                    SHA-256:7458F08460B2A7A36F3F390A25E0A7D848B904D13EAA8A047F71A3B343EC5DAD
                                                                    SHA-512:F30CE0E9DDC828FE28630D56B7BB8BD428AE2CA5085D141DBA9248FC185B452F358708307622BF3541940FFD94247DA5C9EDCB103017CF73B97E568FCBF4E39C
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Process:C:\Users\user\Desktop\UFh7A8CImG.exe
                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):2318344
                                                                    Entropy (8bit):6.254342074382034
                                                                    Encrypted:false
                                                                    SSDEEP:24576:S867VzMYbcIhRnKIFU4r/4qcbbW6leVvwoGqqmZs9bE+GU1FL3EwFwzQ38/GPgO6:jfI+IFUY/jcba6leVvwOTYi
                                                                    MD5:E12230C60FEAA066716E126F615826CC
                                                                    SHA1:33190E5A43A2D7A33983DEECE4E7092B6E71C5EE
                                                                    SHA-256:F7E2C841E36BCB04BEC29FF767FADA4D824E92460561A3193C169F1A1CB18823
                                                                    SHA-512:B4BC1A2622BB06F6523CE3A2FF67AE3DF6641B997A24639C46BD900D05CED6E42698878968F54EA719DFDB3FE9F7AD2B071E75D23532F4C9ABF48823001098C0
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Process:C:\Users\user\Desktop\UFh7A8CImG.exe
                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):368128
                                                                    Entropy (8bit):7.7611150058724085
                                                                    Encrypted:false
                                                                    SSDEEP:6144:lsGPTen3VS3k/wMGs0RDDcAOZExGXxTkt04oHxXYWv4q7louZlyfY3qkQ7quKcfz:2Grq3Qkb0ZDcjExGheLfYpQuuKcfSRf0
                                                                    MD5:3BFF9554877BD01A201D6BEA3AA94C01
                                                                    SHA1:D7B54BF0DD042A34B1ADE7D57CADF9F082968FC9
                                                                    SHA-256:29080CF6981208027997B783BA3395B6B94DE1BD5931B9B29A2B7AF57DCE4870
                                                                    SHA-512:37DD5CECDF7FFF27C63D15BA9907778D747DC256681A584A332B81413A6E1EFE999EBFF8A32162C130206D2DA813406641E9944C4B403E60EFD94398BDF15E64
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                    • Antivirus: ReversingLabs, Detection: 5%
                                                                    Process:C:\Users\user\Desktop\UFh7A8CImG.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):5855344
                                                                    Entropy (8bit):7.999533600031207
                                                                    Encrypted:true
                                                                    SSDEEP:98304:jes1v06NlQ2+cO2AI/7e7eoVWn40iCXamJJOgvOBhUrB9O6bFxJvd412zRsr:jX1vrlQ2+cOjI/qW40iRmJVvqhSfxDRY
                                                                    MD5:E52CC90D750A4AD108D7395C6620BF7E
                                                                    SHA1:D6E2EFB33B794DAD80DCD0BCCC969FFA4E334A0E
                                                                    SHA-256:D6C921C3D5886B7CB2EFDF4A797BA843A43059FB0E3F87B3AAE4FB91CA8AE312
                                                                    SHA-512:49BF21CD5EAF452C9FBF43DC39D49F744EA26A6F25EE255340390DE71D573FDE1BEE2F5F159198E6C52CFCDA9F9A06CCE176E752DBC2DF3C6CD8D31A78A3152D
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\UFh7A8CImG.exe
                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):379392
                                                                    Entropy (8bit):6.668536992124804
                                                                    Encrypted:false
                                                                    SSDEEP:6144:022jgwY1eta3ZZrlgnP5IxRn+ppnlBwX9alZTeHQu+8gDiWboHgcZ:02RsPax5+phlBW9jw7PhiVZ
                                                                    MD5:F2A07730F45B6E91638740E8AA003863
                                                                    SHA1:E8E6FC958167DB4EE0D966B18EE0248C3FD6BA2C
                                                                    SHA-256:CDA783A83F913A6860A609408901880BAFB0967AD324F748D078757005D7EC44
                                                                    SHA-512:6EB61AA9290E0AD40907A3030A9470C376FF9682A7AD510B86C8CC21834F27068BBC9EEE843443EB24574F78F7ED1EEC621A4FCA7836F81F5FD3B64D9D9EFF65
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 3%
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):98304
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:0A9156C4E3C48EF827980639C4D1E263
                                                                    SHA1:9F13A523321C66208E90D45F87FA0CD9B370E111
                                                                    SHA-256:3A3ED164E42500A1C5B2D0093F0A813D27DC50D038F330CC100A7E70ECE2E6E4
                                                                    SHA-512:8A46C1B44C0EA338AFF0D2E2D07C34430B67B68B6D27E1ADB8CF216B0F0994172CED106A90283F2F0469B5CAA40ACEDF101D45729B823E5179EA55AC507E04AD
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):32768
                                                                    Entropy (8bit):0.017262956703125623
                                                                    Encrypted:false
                                                                    SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                    MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                    SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                    SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                    SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):98304
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:0A9156C4E3C48EF827980639C4D1E263
                                                                    SHA1:9F13A523321C66208E90D45F87FA0CD9B370E111
                                                                    SHA-256:3A3ED164E42500A1C5B2D0093F0A813D27DC50D038F330CC100A7E70ECE2E6E4
                                                                    SHA-512:8A46C1B44C0EA338AFF0D2E2D07C34430B67B68B6D27E1ADB8CF216B0F0994172CED106A90283F2F0469B5CAA40ACEDF101D45729B823E5179EA55AC507E04AD
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):32768
                                                                    Entropy (8bit):0.017262956703125623
                                                                    Encrypted:false
                                                                    SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                    MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                    SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                    SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                    SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:AB893875D697A3145AF5EED5309BEE26
                                                                    SHA1:C90116149196CBF74FFB453ECB3B12945372EBFA
                                                                    SHA-256:02B1C2234680617802901A77EAE606AD02E4DDB4282CCBC60061EAC5B2D90BBA
                                                                    SHA-512:6B65C0A1956CE18DF2D271205F53274D2905C803D059A0801BF8331CCAA28A1D4842D3585DD9C2B01502A4BE6664BDE2E965B15FCFEC981E85EED37C595CD6BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):28672
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:CF845A781C107EC1346E849C9DD1B7E8
                                                                    SHA1:B44CCC7F7D519352422E59EE8B0BDBAC881768A7
                                                                    SHA-256:18619B678A5C207A971A0AA931604F48162E307C57ECDEC450D5F095FE9F32C7
                                                                    SHA-512:4802861EA06DC7FB85229A3C8F04E707A084F1BA516510C6F269821B33C8EE4EBF495258FE5BEE4850668A5AAC1A45F0EDF51580DA13B7EE160A29D067C67612
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:AB893875D697A3145AF5EED5309BEE26
                                                                    SHA1:C90116149196CBF74FFB453ECB3B12945372EBFA
                                                                    SHA-256:02B1C2234680617802901A77EAE606AD02E4DDB4282CCBC60061EAC5B2D90BBA
                                                                    SHA-512:6B65C0A1956CE18DF2D271205F53274D2905C803D059A0801BF8331CCAA28A1D4842D3585DD9C2B01502A4BE6664BDE2E965B15FCFEC981E85EED37C595CD6BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:76B973F7B910A22256212C63ADB7A103
                                                                    SHA1:2EAB7B3CF42E12BA5F1FF6AB512E4A105740F631
                                                                    SHA-256:96C94D0826105FE47C587FD79E8869CE5EDBFBACDDDAB9F4F30C5FECBA2CA6A3
                                                                    SHA-512:4C11351FE96BA26070E1B22230AA940BAFD2AA646960ED7A512F7398DAFE6FA2C029FE941F7EBF2C27C9D64957DC05DF66F5DB4365A9A8C6556216314FC12E95
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:F4F35D60B3CC18AAA6D8D92F0CD3708A
                                                                    SHA1:6FECD5769C727E137B7580AE3B1823B06EE6F9D9
                                                                    SHA-256:2AAE7DC846AAF25F1CADF55F1666862046C6DB9D65D84BDC07FA039DAC405606
                                                                    SHA-512:A69E2DCE2F75771C63ACDA51E4AEECC95B00F65377E3026BAF93A6CFB936BF6F10CB320CC09B0E43EB7833D062B24EFC5932569A1826E55DBB736CCDA0BEB413
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):98304
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:0A9156C4E3C48EF827980639C4D1E263
                                                                    SHA1:9F13A523321C66208E90D45F87FA0CD9B370E111
                                                                    SHA-256:3A3ED164E42500A1C5B2D0093F0A813D27DC50D038F330CC100A7E70ECE2E6E4
                                                                    SHA-512:8A46C1B44C0EA338AFF0D2E2D07C34430B67B68B6D27E1ADB8CF216B0F0994172CED106A90283F2F0469B5CAA40ACEDF101D45729B823E5179EA55AC507E04AD
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):32768
                                                                    Entropy (8bit):0.017262956703125623
                                                                    Encrypted:false
                                                                    SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                    MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                    SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                    SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                    SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:AB893875D697A3145AF5EED5309BEE26
                                                                    SHA1:C90116149196CBF74FFB453ECB3B12945372EBFA
                                                                    SHA-256:02B1C2234680617802901A77EAE606AD02E4DDB4282CCBC60061EAC5B2D90BBA
                                                                    SHA-512:6B65C0A1956CE18DF2D271205F53274D2905C803D059A0801BF8331CCAA28A1D4842D3585DD9C2B01502A4BE6664BDE2E965B15FCFEC981E85EED37C595CD6BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:F4F35D60B3CC18AAA6D8D92F0CD3708A
                                                                    SHA1:6FECD5769C727E137B7580AE3B1823B06EE6F9D9
                                                                    SHA-256:2AAE7DC846AAF25F1CADF55F1666862046C6DB9D65D84BDC07FA039DAC405606
                                                                    SHA-512:A69E2DCE2F75771C63ACDA51E4AEECC95B00F65377E3026BAF93A6CFB936BF6F10CB320CC09B0E43EB7833D062B24EFC5932569A1826E55DBB736CCDA0BEB413
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):98304
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:0A9156C4E3C48EF827980639C4D1E263
                                                                    SHA1:9F13A523321C66208E90D45F87FA0CD9B370E111
                                                                    SHA-256:3A3ED164E42500A1C5B2D0093F0A813D27DC50D038F330CC100A7E70ECE2E6E4
                                                                    SHA-512:8A46C1B44C0EA338AFF0D2E2D07C34430B67B68B6D27E1ADB8CF216B0F0994172CED106A90283F2F0469B5CAA40ACEDF101D45729B823E5179EA55AC507E04AD
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):32768
                                                                    Entropy (8bit):0.017262956703125623
                                                                    Encrypted:false
                                                                    SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                    MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                    SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                    SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                    SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:76B973F7B910A22256212C63ADB7A103
                                                                    SHA1:2EAB7B3CF42E12BA5F1FF6AB512E4A105740F631
                                                                    SHA-256:96C94D0826105FE47C587FD79E8869CE5EDBFBACDDDAB9F4F30C5FECBA2CA6A3
                                                                    SHA-512:4C11351FE96BA26070E1B22230AA940BAFD2AA646960ED7A512F7398DAFE6FA2C029FE941F7EBF2C27C9D64957DC05DF66F5DB4365A9A8C6556216314FC12E95
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):98304
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:0A9156C4E3C48EF827980639C4D1E263
                                                                    SHA1:9F13A523321C66208E90D45F87FA0CD9B370E111
                                                                    SHA-256:3A3ED164E42500A1C5B2D0093F0A813D27DC50D038F330CC100A7E70ECE2E6E4
                                                                    SHA-512:8A46C1B44C0EA338AFF0D2E2D07C34430B67B68B6D27E1ADB8CF216B0F0994172CED106A90283F2F0469B5CAA40ACEDF101D45729B823E5179EA55AC507E04AD
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):32768
                                                                    Entropy (8bit):0.017262956703125623
                                                                    Encrypted:false
                                                                    SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                    MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                    SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                    SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                    SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:76B973F7B910A22256212C63ADB7A103
                                                                    SHA1:2EAB7B3CF42E12BA5F1FF6AB512E4A105740F631
                                                                    SHA-256:96C94D0826105FE47C587FD79E8869CE5EDBFBACDDDAB9F4F30C5FECBA2CA6A3
                                                                    SHA-512:4C11351FE96BA26070E1B22230AA940BAFD2AA646960ED7A512F7398DAFE6FA2C029FE941F7EBF2C27C9D64957DC05DF66F5DB4365A9A8C6556216314FC12E95
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):98304
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:0A9156C4E3C48EF827980639C4D1E263
                                                                    SHA1:9F13A523321C66208E90D45F87FA0CD9B370E111
                                                                    SHA-256:3A3ED164E42500A1C5B2D0093F0A813D27DC50D038F330CC100A7E70ECE2E6E4
                                                                    SHA-512:8A46C1B44C0EA338AFF0D2E2D07C34430B67B68B6D27E1ADB8CF216B0F0994172CED106A90283F2F0469B5CAA40ACEDF101D45729B823E5179EA55AC507E04AD
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):32768
                                                                    Entropy (8bit):0.017262956703125623
                                                                    Encrypted:false
                                                                    SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                    MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                    SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                    SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                    SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:76B973F7B910A22256212C63ADB7A103
                                                                    SHA1:2EAB7B3CF42E12BA5F1FF6AB512E4A105740F631
                                                                    SHA-256:96C94D0826105FE47C587FD79E8869CE5EDBFBACDDDAB9F4F30C5FECBA2CA6A3
                                                                    SHA-512:4C11351FE96BA26070E1B22230AA940BAFD2AA646960ED7A512F7398DAFE6FA2C029FE941F7EBF2C27C9D64957DC05DF66F5DB4365A9A8C6556216314FC12E95
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:AB893875D697A3145AF5EED5309BEE26
                                                                    SHA1:C90116149196CBF74FFB453ECB3B12945372EBFA
                                                                    SHA-256:02B1C2234680617802901A77EAE606AD02E4DDB4282CCBC60061EAC5B2D90BBA
                                                                    SHA-512:6B65C0A1956CE18DF2D271205F53274D2905C803D059A0801BF8331CCAA28A1D4842D3585DD9C2B01502A4BE6664BDE2E965B15FCFEC981E85EED37C595CD6BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):98304
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:0A9156C4E3C48EF827980639C4D1E263
                                                                    SHA1:9F13A523321C66208E90D45F87FA0CD9B370E111
                                                                    SHA-256:3A3ED164E42500A1C5B2D0093F0A813D27DC50D038F330CC100A7E70ECE2E6E4
                                                                    SHA-512:8A46C1B44C0EA338AFF0D2E2D07C34430B67B68B6D27E1ADB8CF216B0F0994172CED106A90283F2F0469B5CAA40ACEDF101D45729B823E5179EA55AC507E04AD
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):32768
                                                                    Entropy (8bit):0.017262956703125623
                                                                    Encrypted:false
                                                                    SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                    MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                    SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                    SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                    SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:F4F35D60B3CC18AAA6D8D92F0CD3708A
                                                                    SHA1:6FECD5769C727E137B7580AE3B1823B06EE6F9D9
                                                                    SHA-256:2AAE7DC846AAF25F1CADF55F1666862046C6DB9D65D84BDC07FA039DAC405606
                                                                    SHA-512:A69E2DCE2F75771C63ACDA51E4AEECC95B00F65377E3026BAF93A6CFB936BF6F10CB320CC09B0E43EB7833D062B24EFC5932569A1826E55DBB736CCDA0BEB413
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:76B973F7B910A22256212C63ADB7A103
                                                                    SHA1:2EAB7B3CF42E12BA5F1FF6AB512E4A105740F631
                                                                    SHA-256:96C94D0826105FE47C587FD79E8869CE5EDBFBACDDDAB9F4F30C5FECBA2CA6A3
                                                                    SHA-512:4C11351FE96BA26070E1B22230AA940BAFD2AA646960ED7A512F7398DAFE6FA2C029FE941F7EBF2C27C9D64957DC05DF66F5DB4365A9A8C6556216314FC12E95
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):98304
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:0A9156C4E3C48EF827980639C4D1E263
                                                                    SHA1:9F13A523321C66208E90D45F87FA0CD9B370E111
                                                                    SHA-256:3A3ED164E42500A1C5B2D0093F0A813D27DC50D038F330CC100A7E70ECE2E6E4
                                                                    SHA-512:8A46C1B44C0EA338AFF0D2E2D07C34430B67B68B6D27E1ADB8CF216B0F0994172CED106A90283F2F0469B5CAA40ACEDF101D45729B823E5179EA55AC507E04AD
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):32768
                                                                    Entropy (8bit):0.017262956703125623
                                                                    Encrypted:false
                                                                    SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                    MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                    SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                    SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                    SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):28672
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:CF845A781C107EC1346E849C9DD1B7E8
                                                                    SHA1:B44CCC7F7D519352422E59EE8B0BDBAC881768A7
                                                                    SHA-256:18619B678A5C207A971A0AA931604F48162E307C57ECDEC450D5F095FE9F32C7
                                                                    SHA-512:4802861EA06DC7FB85229A3C8F04E707A084F1BA516510C6F269821B33C8EE4EBF495258FE5BEE4850668A5AAC1A45F0EDF51580DA13B7EE160A29D067C67612
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):98304
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:0A9156C4E3C48EF827980639C4D1E263
                                                                    SHA1:9F13A523321C66208E90D45F87FA0CD9B370E111
                                                                    SHA-256:3A3ED164E42500A1C5B2D0093F0A813D27DC50D038F330CC100A7E70ECE2E6E4
                                                                    SHA-512:8A46C1B44C0EA338AFF0D2E2D07C34430B67B68B6D27E1ADB8CF216B0F0994172CED106A90283F2F0469B5CAA40ACEDF101D45729B823E5179EA55AC507E04AD
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):32768
                                                                    Entropy (8bit):0.017262956703125623
                                                                    Encrypted:false
                                                                    SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                    MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                    SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                    SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                    SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):98304
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:0A9156C4E3C48EF827980639C4D1E263
                                                                    SHA1:9F13A523321C66208E90D45F87FA0CD9B370E111
                                                                    SHA-256:3A3ED164E42500A1C5B2D0093F0A813D27DC50D038F330CC100A7E70ECE2E6E4
                                                                    SHA-512:8A46C1B44C0EA338AFF0D2E2D07C34430B67B68B6D27E1ADB8CF216B0F0994172CED106A90283F2F0469B5CAA40ACEDF101D45729B823E5179EA55AC507E04AD
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):32768
                                                                    Entropy (8bit):0.017262956703125623
                                                                    Encrypted:false
                                                                    SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                    MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                    SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                    SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                    SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):98304
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:0A9156C4E3C48EF827980639C4D1E263
                                                                    SHA1:9F13A523321C66208E90D45F87FA0CD9B370E111
                                                                    SHA-256:3A3ED164E42500A1C5B2D0093F0A813D27DC50D038F330CC100A7E70ECE2E6E4
                                                                    SHA-512:8A46C1B44C0EA338AFF0D2E2D07C34430B67B68B6D27E1ADB8CF216B0F0994172CED106A90283F2F0469B5CAA40ACEDF101D45729B823E5179EA55AC507E04AD
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):32768
                                                                    Entropy (8bit):0.017262956703125623
                                                                    Encrypted:false
                                                                    SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                    MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                    SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                    SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                    SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:F4F35D60B3CC18AAA6D8D92F0CD3708A
                                                                    SHA1:6FECD5769C727E137B7580AE3B1823B06EE6F9D9
                                                                    SHA-256:2AAE7DC846AAF25F1CADF55F1666862046C6DB9D65D84BDC07FA039DAC405606
                                                                    SHA-512:A69E2DCE2F75771C63ACDA51E4AEECC95B00F65377E3026BAF93A6CFB936BF6F10CB320CC09B0E43EB7833D062B24EFC5932569A1826E55DBB736CCDA0BEB413
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:AB893875D697A3145AF5EED5309BEE26
                                                                    SHA1:C90116149196CBF74FFB453ECB3B12945372EBFA
                                                                    SHA-256:02B1C2234680617802901A77EAE606AD02E4DDB4282CCBC60061EAC5B2D90BBA
                                                                    SHA-512:6B65C0A1956CE18DF2D271205F53274D2905C803D059A0801BF8331CCAA28A1D4842D3585DD9C2B01502A4BE6664BDE2E965B15FCFEC981E85EED37C595CD6BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:76B973F7B910A22256212C63ADB7A103
                                                                    SHA1:2EAB7B3CF42E12BA5F1FF6AB512E4A105740F631
                                                                    SHA-256:96C94D0826105FE47C587FD79E8869CE5EDBFBACDDDAB9F4F30C5FECBA2CA6A3
                                                                    SHA-512:4C11351FE96BA26070E1B22230AA940BAFD2AA646960ED7A512F7398DAFE6FA2C029FE941F7EBF2C27C9D64957DC05DF66F5DB4365A9A8C6556216314FC12E95
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:76B973F7B910A22256212C63ADB7A103
                                                                    SHA1:2EAB7B3CF42E12BA5F1FF6AB512E4A105740F631
                                                                    SHA-256:96C94D0826105FE47C587FD79E8869CE5EDBFBACDDDAB9F4F30C5FECBA2CA6A3
                                                                    SHA-512:4C11351FE96BA26070E1B22230AA940BAFD2AA646960ED7A512F7398DAFE6FA2C029FE941F7EBF2C27C9D64957DC05DF66F5DB4365A9A8C6556216314FC12E95
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:F4F35D60B3CC18AAA6D8D92F0CD3708A
                                                                    SHA1:6FECD5769C727E137B7580AE3B1823B06EE6F9D9
                                                                    SHA-256:2AAE7DC846AAF25F1CADF55F1666862046C6DB9D65D84BDC07FA039DAC405606
                                                                    SHA-512:A69E2DCE2F75771C63ACDA51E4AEECC95B00F65377E3026BAF93A6CFB936BF6F10CB320CC09B0E43EB7833D062B24EFC5932569A1826E55DBB736CCDA0BEB413
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):28672
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:CF845A781C107EC1346E849C9DD1B7E8
                                                                    SHA1:B44CCC7F7D519352422E59EE8B0BDBAC881768A7
                                                                    SHA-256:18619B678A5C207A971A0AA931604F48162E307C57ECDEC450D5F095FE9F32C7
                                                                    SHA-512:4802861EA06DC7FB85229A3C8F04E707A084F1BA516510C6F269821B33C8EE4EBF495258FE5BEE4850668A5AAC1A45F0EDF51580DA13B7EE160A29D067C67612
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:AB893875D697A3145AF5EED5309BEE26
                                                                    SHA1:C90116149196CBF74FFB453ECB3B12945372EBFA
                                                                    SHA-256:02B1C2234680617802901A77EAE606AD02E4DDB4282CCBC60061EAC5B2D90BBA
                                                                    SHA-512:6B65C0A1956CE18DF2D271205F53274D2905C803D059A0801BF8331CCAA28A1D4842D3585DD9C2B01502A4BE6664BDE2E965B15FCFEC981E85EED37C595CD6BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):98304
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:0A9156C4E3C48EF827980639C4D1E263
                                                                    SHA1:9F13A523321C66208E90D45F87FA0CD9B370E111
                                                                    SHA-256:3A3ED164E42500A1C5B2D0093F0A813D27DC50D038F330CC100A7E70ECE2E6E4
                                                                    SHA-512:8A46C1B44C0EA338AFF0D2E2D07C34430B67B68B6D27E1ADB8CF216B0F0994172CED106A90283F2F0469B5CAA40ACEDF101D45729B823E5179EA55AC507E04AD
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):32768
                                                                    Entropy (8bit):0.017262956703125623
                                                                    Encrypted:false
                                                                    SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                    MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                    SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                    SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                    SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:F4F35D60B3CC18AAA6D8D92F0CD3708A
                                                                    SHA1:6FECD5769C727E137B7580AE3B1823B06EE6F9D9
                                                                    SHA-256:2AAE7DC846AAF25F1CADF55F1666862046C6DB9D65D84BDC07FA039DAC405606
                                                                    SHA-512:A69E2DCE2F75771C63ACDA51E4AEECC95B00F65377E3026BAF93A6CFB936BF6F10CB320CC09B0E43EB7833D062B24EFC5932569A1826E55DBB736CCDA0BEB413
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):98304
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:0A9156C4E3C48EF827980639C4D1E263
                                                                    SHA1:9F13A523321C66208E90D45F87FA0CD9B370E111
                                                                    SHA-256:3A3ED164E42500A1C5B2D0093F0A813D27DC50D038F330CC100A7E70ECE2E6E4
                                                                    SHA-512:8A46C1B44C0EA338AFF0D2E2D07C34430B67B68B6D27E1ADB8CF216B0F0994172CED106A90283F2F0469B5CAA40ACEDF101D45729B823E5179EA55AC507E04AD
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):32768
                                                                    Entropy (8bit):0.017262956703125623
                                                                    Encrypted:false
                                                                    SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                    MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                    SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                    SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                    SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):28672
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:CF845A781C107EC1346E849C9DD1B7E8
                                                                    SHA1:B44CCC7F7D519352422E59EE8B0BDBAC881768A7
                                                                    SHA-256:18619B678A5C207A971A0AA931604F48162E307C57ECDEC450D5F095FE9F32C7
                                                                    SHA-512:4802861EA06DC7FB85229A3C8F04E707A084F1BA516510C6F269821B33C8EE4EBF495258FE5BEE4850668A5AAC1A45F0EDF51580DA13B7EE160A29D067C67612
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:76B973F7B910A22256212C63ADB7A103
                                                                    SHA1:2EAB7B3CF42E12BA5F1FF6AB512E4A105740F631
                                                                    SHA-256:96C94D0826105FE47C587FD79E8869CE5EDBFBACDDDAB9F4F30C5FECBA2CA6A3
                                                                    SHA-512:4C11351FE96BA26070E1B22230AA940BAFD2AA646960ED7A512F7398DAFE6FA2C029FE941F7EBF2C27C9D64957DC05DF66F5DB4365A9A8C6556216314FC12E95
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):28672
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:CF845A781C107EC1346E849C9DD1B7E8
                                                                    SHA1:B44CCC7F7D519352422E59EE8B0BDBAC881768A7
                                                                    SHA-256:18619B678A5C207A971A0AA931604F48162E307C57ECDEC450D5F095FE9F32C7
                                                                    SHA-512:4802861EA06DC7FB85229A3C8F04E707A084F1BA516510C6F269821B33C8EE4EBF495258FE5BEE4850668A5AAC1A45F0EDF51580DA13B7EE160A29D067C67612
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:AB893875D697A3145AF5EED5309BEE26
                                                                    SHA1:C90116149196CBF74FFB453ECB3B12945372EBFA
                                                                    SHA-256:02B1C2234680617802901A77EAE606AD02E4DDB4282CCBC60061EAC5B2D90BBA
                                                                    SHA-512:6B65C0A1956CE18DF2D271205F53274D2905C803D059A0801BF8331CCAA28A1D4842D3585DD9C2B01502A4BE6664BDE2E965B15FCFEC981E85EED37C595CD6BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:76B973F7B910A22256212C63ADB7A103
                                                                    SHA1:2EAB7B3CF42E12BA5F1FF6AB512E4A105740F631
                                                                    SHA-256:96C94D0826105FE47C587FD79E8869CE5EDBFBACDDDAB9F4F30C5FECBA2CA6A3
                                                                    SHA-512:4C11351FE96BA26070E1B22230AA940BAFD2AA646960ED7A512F7398DAFE6FA2C029FE941F7EBF2C27C9D64957DC05DF66F5DB4365A9A8C6556216314FC12E95
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:76B973F7B910A22256212C63ADB7A103
                                                                    SHA1:2EAB7B3CF42E12BA5F1FF6AB512E4A105740F631
                                                                    SHA-256:96C94D0826105FE47C587FD79E8869CE5EDBFBACDDDAB9F4F30C5FECBA2CA6A3
                                                                    SHA-512:4C11351FE96BA26070E1B22230AA940BAFD2AA646960ED7A512F7398DAFE6FA2C029FE941F7EBF2C27C9D64957DC05DF66F5DB4365A9A8C6556216314FC12E95
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:76B973F7B910A22256212C63ADB7A103
                                                                    SHA1:2EAB7B3CF42E12BA5F1FF6AB512E4A105740F631
                                                                    SHA-256:96C94D0826105FE47C587FD79E8869CE5EDBFBACDDDAB9F4F30C5FECBA2CA6A3
                                                                    SHA-512:4C11351FE96BA26070E1B22230AA940BAFD2AA646960ED7A512F7398DAFE6FA2C029FE941F7EBF2C27C9D64957DC05DF66F5DB4365A9A8C6556216314FC12E95
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:F4F35D60B3CC18AAA6D8D92F0CD3708A
                                                                    SHA1:6FECD5769C727E137B7580AE3B1823B06EE6F9D9
                                                                    SHA-256:2AAE7DC846AAF25F1CADF55F1666862046C6DB9D65D84BDC07FA039DAC405606
                                                                    SHA-512:A69E2DCE2F75771C63ACDA51E4AEECC95B00F65377E3026BAF93A6CFB936BF6F10CB320CC09B0E43EB7833D062B24EFC5932569A1826E55DBB736CCDA0BEB413
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:AB893875D697A3145AF5EED5309BEE26
                                                                    SHA1:C90116149196CBF74FFB453ECB3B12945372EBFA
                                                                    SHA-256:02B1C2234680617802901A77EAE606AD02E4DDB4282CCBC60061EAC5B2D90BBA
                                                                    SHA-512:6B65C0A1956CE18DF2D271205F53274D2905C803D059A0801BF8331CCAA28A1D4842D3585DD9C2B01502A4BE6664BDE2E965B15FCFEC981E85EED37C595CD6BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:AB893875D697A3145AF5EED5309BEE26
                                                                    SHA1:C90116149196CBF74FFB453ECB3B12945372EBFA
                                                                    SHA-256:02B1C2234680617802901A77EAE606AD02E4DDB4282CCBC60061EAC5B2D90BBA
                                                                    SHA-512:6B65C0A1956CE18DF2D271205F53274D2905C803D059A0801BF8331CCAA28A1D4842D3585DD9C2B01502A4BE6664BDE2E965B15FCFEC981E85EED37C595CD6BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):98304
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:0A9156C4E3C48EF827980639C4D1E263
                                                                    SHA1:9F13A523321C66208E90D45F87FA0CD9B370E111
                                                                    SHA-256:3A3ED164E42500A1C5B2D0093F0A813D27DC50D038F330CC100A7E70ECE2E6E4
                                                                    SHA-512:8A46C1B44C0EA338AFF0D2E2D07C34430B67B68B6D27E1ADB8CF216B0F0994172CED106A90283F2F0469B5CAA40ACEDF101D45729B823E5179EA55AC507E04AD
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):32768
                                                                    Entropy (8bit):0.017262956703125623
                                                                    Encrypted:false
                                                                    SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                    MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                    SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                    SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                    SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:AB893875D697A3145AF5EED5309BEE26
                                                                    SHA1:C90116149196CBF74FFB453ECB3B12945372EBFA
                                                                    SHA-256:02B1C2234680617802901A77EAE606AD02E4DDB4282CCBC60061EAC5B2D90BBA
                                                                    SHA-512:6B65C0A1956CE18DF2D271205F53274D2905C803D059A0801BF8331CCAA28A1D4842D3585DD9C2B01502A4BE6664BDE2E965B15FCFEC981E85EED37C595CD6BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:AB893875D697A3145AF5EED5309BEE26
                                                                    SHA1:C90116149196CBF74FFB453ECB3B12945372EBFA
                                                                    SHA-256:02B1C2234680617802901A77EAE606AD02E4DDB4282CCBC60061EAC5B2D90BBA
                                                                    SHA-512:6B65C0A1956CE18DF2D271205F53274D2905C803D059A0801BF8331CCAA28A1D4842D3585DD9C2B01502A4BE6664BDE2E965B15FCFEC981E85EED37C595CD6BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):28672
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:CF845A781C107EC1346E849C9DD1B7E8
                                                                    SHA1:B44CCC7F7D519352422E59EE8B0BDBAC881768A7
                                                                    SHA-256:18619B678A5C207A971A0AA931604F48162E307C57ECDEC450D5F095FE9F32C7
                                                                    SHA-512:4802861EA06DC7FB85229A3C8F04E707A084F1BA516510C6F269821B33C8EE4EBF495258FE5BEE4850668A5AAC1A45F0EDF51580DA13B7EE160A29D067C67612
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:76B973F7B910A22256212C63ADB7A103
                                                                    SHA1:2EAB7B3CF42E12BA5F1FF6AB512E4A105740F631
                                                                    SHA-256:96C94D0826105FE47C587FD79E8869CE5EDBFBACDDDAB9F4F30C5FECBA2CA6A3
                                                                    SHA-512:4C11351FE96BA26070E1B22230AA940BAFD2AA646960ED7A512F7398DAFE6FA2C029FE941F7EBF2C27C9D64957DC05DF66F5DB4365A9A8C6556216314FC12E95
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:F4F35D60B3CC18AAA6D8D92F0CD3708A
                                                                    SHA1:6FECD5769C727E137B7580AE3B1823B06EE6F9D9
                                                                    SHA-256:2AAE7DC846AAF25F1CADF55F1666862046C6DB9D65D84BDC07FA039DAC405606
                                                                    SHA-512:A69E2DCE2F75771C63ACDA51E4AEECC95B00F65377E3026BAF93A6CFB936BF6F10CB320CC09B0E43EB7833D062B24EFC5932569A1826E55DBB736CCDA0BEB413
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:AB893875D697A3145AF5EED5309BEE26
                                                                    SHA1:C90116149196CBF74FFB453ECB3B12945372EBFA
                                                                    SHA-256:02B1C2234680617802901A77EAE606AD02E4DDB4282CCBC60061EAC5B2D90BBA
                                                                    SHA-512:6B65C0A1956CE18DF2D271205F53274D2905C803D059A0801BF8331CCAA28A1D4842D3585DD9C2B01502A4BE6664BDE2E965B15FCFEC981E85EED37C595CD6BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):98304
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:0A9156C4E3C48EF827980639C4D1E263
                                                                    SHA1:9F13A523321C66208E90D45F87FA0CD9B370E111
                                                                    SHA-256:3A3ED164E42500A1C5B2D0093F0A813D27DC50D038F330CC100A7E70ECE2E6E4
                                                                    SHA-512:8A46C1B44C0EA338AFF0D2E2D07C34430B67B68B6D27E1ADB8CF216B0F0994172CED106A90283F2F0469B5CAA40ACEDF101D45729B823E5179EA55AC507E04AD
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):32768
                                                                    Entropy (8bit):0.017262956703125623
                                                                    Encrypted:false
                                                                    SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                    MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                    SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                    SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                    SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:76B973F7B910A22256212C63ADB7A103
                                                                    SHA1:2EAB7B3CF42E12BA5F1FF6AB512E4A105740F631
                                                                    SHA-256:96C94D0826105FE47C587FD79E8869CE5EDBFBACDDDAB9F4F30C5FECBA2CA6A3
                                                                    SHA-512:4C11351FE96BA26070E1B22230AA940BAFD2AA646960ED7A512F7398DAFE6FA2C029FE941F7EBF2C27C9D64957DC05DF66F5DB4365A9A8C6556216314FC12E95
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:76B973F7B910A22256212C63ADB7A103
                                                                    SHA1:2EAB7B3CF42E12BA5F1FF6AB512E4A105740F631
                                                                    SHA-256:96C94D0826105FE47C587FD79E8869CE5EDBFBACDDDAB9F4F30C5FECBA2CA6A3
                                                                    SHA-512:4C11351FE96BA26070E1B22230AA940BAFD2AA646960ED7A512F7398DAFE6FA2C029FE941F7EBF2C27C9D64957DC05DF66F5DB4365A9A8C6556216314FC12E95
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):28672
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:CF845A781C107EC1346E849C9DD1B7E8
                                                                    SHA1:B44CCC7F7D519352422E59EE8B0BDBAC881768A7
                                                                    SHA-256:18619B678A5C207A971A0AA931604F48162E307C57ECDEC450D5F095FE9F32C7
                                                                    SHA-512:4802861EA06DC7FB85229A3C8F04E707A084F1BA516510C6F269821B33C8EE4EBF495258FE5BEE4850668A5AAC1A45F0EDF51580DA13B7EE160A29D067C67612
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:76B973F7B910A22256212C63ADB7A103
                                                                    SHA1:2EAB7B3CF42E12BA5F1FF6AB512E4A105740F631
                                                                    SHA-256:96C94D0826105FE47C587FD79E8869CE5EDBFBACDDDAB9F4F30C5FECBA2CA6A3
                                                                    SHA-512:4C11351FE96BA26070E1B22230AA940BAFD2AA646960ED7A512F7398DAFE6FA2C029FE941F7EBF2C27C9D64957DC05DF66F5DB4365A9A8C6556216314FC12E95
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):98304
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:0A9156C4E3C48EF827980639C4D1E263
                                                                    SHA1:9F13A523321C66208E90D45F87FA0CD9B370E111
                                                                    SHA-256:3A3ED164E42500A1C5B2D0093F0A813D27DC50D038F330CC100A7E70ECE2E6E4
                                                                    SHA-512:8A46C1B44C0EA338AFF0D2E2D07C34430B67B68B6D27E1ADB8CF216B0F0994172CED106A90283F2F0469B5CAA40ACEDF101D45729B823E5179EA55AC507E04AD
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):32768
                                                                    Entropy (8bit):0.017262956703125623
                                                                    Encrypted:false
                                                                    SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                    MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                    SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                    SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                    SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:F4F35D60B3CC18AAA6D8D92F0CD3708A
                                                                    SHA1:6FECD5769C727E137B7580AE3B1823B06EE6F9D9
                                                                    SHA-256:2AAE7DC846AAF25F1CADF55F1666862046C6DB9D65D84BDC07FA039DAC405606
                                                                    SHA-512:A69E2DCE2F75771C63ACDA51E4AEECC95B00F65377E3026BAF93A6CFB936BF6F10CB320CC09B0E43EB7833D062B24EFC5932569A1826E55DBB736CCDA0BEB413
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):28672
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:CF845A781C107EC1346E849C9DD1B7E8
                                                                    SHA1:B44CCC7F7D519352422E59EE8B0BDBAC881768A7
                                                                    SHA-256:18619B678A5C207A971A0AA931604F48162E307C57ECDEC450D5F095FE9F32C7
                                                                    SHA-512:4802861EA06DC7FB85229A3C8F04E707A084F1BA516510C6F269821B33C8EE4EBF495258FE5BEE4850668A5AAC1A45F0EDF51580DA13B7EE160A29D067C67612
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):28672
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:CF845A781C107EC1346E849C9DD1B7E8
                                                                    SHA1:B44CCC7F7D519352422E59EE8B0BDBAC881768A7
                                                                    SHA-256:18619B678A5C207A971A0AA931604F48162E307C57ECDEC450D5F095FE9F32C7
                                                                    SHA-512:4802861EA06DC7FB85229A3C8F04E707A084F1BA516510C6F269821B33C8EE4EBF495258FE5BEE4850668A5AAC1A45F0EDF51580DA13B7EE160A29D067C67612
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:AB893875D697A3145AF5EED5309BEE26
                                                                    SHA1:C90116149196CBF74FFB453ECB3B12945372EBFA
                                                                    SHA-256:02B1C2234680617802901A77EAE606AD02E4DDB4282CCBC60061EAC5B2D90BBA
                                                                    SHA-512:6B65C0A1956CE18DF2D271205F53274D2905C803D059A0801BF8331CCAA28A1D4842D3585DD9C2B01502A4BE6664BDE2E965B15FCFEC981E85EED37C595CD6BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):98304
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:0A9156C4E3C48EF827980639C4D1E263
                                                                    SHA1:9F13A523321C66208E90D45F87FA0CD9B370E111
                                                                    SHA-256:3A3ED164E42500A1C5B2D0093F0A813D27DC50D038F330CC100A7E70ECE2E6E4
                                                                    SHA-512:8A46C1B44C0EA338AFF0D2E2D07C34430B67B68B6D27E1ADB8CF216B0F0994172CED106A90283F2F0469B5CAA40ACEDF101D45729B823E5179EA55AC507E04AD
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):32768
                                                                    Entropy (8bit):0.017262956703125623
                                                                    Encrypted:false
                                                                    SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                    MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                    SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                    SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                    SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:F4F35D60B3CC18AAA6D8D92F0CD3708A
                                                                    SHA1:6FECD5769C727E137B7580AE3B1823B06EE6F9D9
                                                                    SHA-256:2AAE7DC846AAF25F1CADF55F1666862046C6DB9D65D84BDC07FA039DAC405606
                                                                    SHA-512:A69E2DCE2F75771C63ACDA51E4AEECC95B00F65377E3026BAF93A6CFB936BF6F10CB320CC09B0E43EB7833D062B24EFC5932569A1826E55DBB736CCDA0BEB413
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):98304
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:0A9156C4E3C48EF827980639C4D1E263
                                                                    SHA1:9F13A523321C66208E90D45F87FA0CD9B370E111
                                                                    SHA-256:3A3ED164E42500A1C5B2D0093F0A813D27DC50D038F330CC100A7E70ECE2E6E4
                                                                    SHA-512:8A46C1B44C0EA338AFF0D2E2D07C34430B67B68B6D27E1ADB8CF216B0F0994172CED106A90283F2F0469B5CAA40ACEDF101D45729B823E5179EA55AC507E04AD
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):32768
                                                                    Entropy (8bit):0.017262956703125623
                                                                    Encrypted:false
                                                                    SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                    MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                    SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                    SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                    SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):28672
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:CF845A781C107EC1346E849C9DD1B7E8
                                                                    SHA1:B44CCC7F7D519352422E59EE8B0BDBAC881768A7
                                                                    SHA-256:18619B678A5C207A971A0AA931604F48162E307C57ECDEC450D5F095FE9F32C7
                                                                    SHA-512:4802861EA06DC7FB85229A3C8F04E707A084F1BA516510C6F269821B33C8EE4EBF495258FE5BEE4850668A5AAC1A45F0EDF51580DA13B7EE160A29D067C67612
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):98304
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:0A9156C4E3C48EF827980639C4D1E263
                                                                    SHA1:9F13A523321C66208E90D45F87FA0CD9B370E111
                                                                    SHA-256:3A3ED164E42500A1C5B2D0093F0A813D27DC50D038F330CC100A7E70ECE2E6E4
                                                                    SHA-512:8A46C1B44C0EA338AFF0D2E2D07C34430B67B68B6D27E1ADB8CF216B0F0994172CED106A90283F2F0469B5CAA40ACEDF101D45729B823E5179EA55AC507E04AD
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):32768
                                                                    Entropy (8bit):0.017262956703125623
                                                                    Encrypted:false
                                                                    SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                    MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                    SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                    SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                    SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:AB893875D697A3145AF5EED5309BEE26
                                                                    SHA1:C90116149196CBF74FFB453ECB3B12945372EBFA
                                                                    SHA-256:02B1C2234680617802901A77EAE606AD02E4DDB4282CCBC60061EAC5B2D90BBA
                                                                    SHA-512:6B65C0A1956CE18DF2D271205F53274D2905C803D059A0801BF8331CCAA28A1D4842D3585DD9C2B01502A4BE6664BDE2E965B15FCFEC981E85EED37C595CD6BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:F4F35D60B3CC18AAA6D8D92F0CD3708A
                                                                    SHA1:6FECD5769C727E137B7580AE3B1823B06EE6F9D9
                                                                    SHA-256:2AAE7DC846AAF25F1CADF55F1666862046C6DB9D65D84BDC07FA039DAC405606
                                                                    SHA-512:A69E2DCE2F75771C63ACDA51E4AEECC95B00F65377E3026BAF93A6CFB936BF6F10CB320CC09B0E43EB7833D062B24EFC5932569A1826E55DBB736CCDA0BEB413
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:AB893875D697A3145AF5EED5309BEE26
                                                                    SHA1:C90116149196CBF74FFB453ECB3B12945372EBFA
                                                                    SHA-256:02B1C2234680617802901A77EAE606AD02E4DDB4282CCBC60061EAC5B2D90BBA
                                                                    SHA-512:6B65C0A1956CE18DF2D271205F53274D2905C803D059A0801BF8331CCAA28A1D4842D3585DD9C2B01502A4BE6664BDE2E965B15FCFEC981E85EED37C595CD6BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):28672
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:CF845A781C107EC1346E849C9DD1B7E8
                                                                    SHA1:B44CCC7F7D519352422E59EE8B0BDBAC881768A7
                                                                    SHA-256:18619B678A5C207A971A0AA931604F48162E307C57ECDEC450D5F095FE9F32C7
                                                                    SHA-512:4802861EA06DC7FB85229A3C8F04E707A084F1BA516510C6F269821B33C8EE4EBF495258FE5BEE4850668A5AAC1A45F0EDF51580DA13B7EE160A29D067C67612
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):98304
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:0A9156C4E3C48EF827980639C4D1E263
                                                                    SHA1:9F13A523321C66208E90D45F87FA0CD9B370E111
                                                                    SHA-256:3A3ED164E42500A1C5B2D0093F0A813D27DC50D038F330CC100A7E70ECE2E6E4
                                                                    SHA-512:8A46C1B44C0EA338AFF0D2E2D07C34430B67B68B6D27E1ADB8CF216B0F0994172CED106A90283F2F0469B5CAA40ACEDF101D45729B823E5179EA55AC507E04AD
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):32768
                                                                    Entropy (8bit):0.017262956703125623
                                                                    Encrypted:false
                                                                    SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                    MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                    SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                    SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                    SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:76B973F7B910A22256212C63ADB7A103
                                                                    SHA1:2EAB7B3CF42E12BA5F1FF6AB512E4A105740F631
                                                                    SHA-256:96C94D0826105FE47C587FD79E8869CE5EDBFBACDDDAB9F4F30C5FECBA2CA6A3
                                                                    SHA-512:4C11351FE96BA26070E1B22230AA940BAFD2AA646960ED7A512F7398DAFE6FA2C029FE941F7EBF2C27C9D64957DC05DF66F5DB4365A9A8C6556216314FC12E95
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:AB893875D697A3145AF5EED5309BEE26
                                                                    SHA1:C90116149196CBF74FFB453ECB3B12945372EBFA
                                                                    SHA-256:02B1C2234680617802901A77EAE606AD02E4DDB4282CCBC60061EAC5B2D90BBA
                                                                    SHA-512:6B65C0A1956CE18DF2D271205F53274D2905C803D059A0801BF8331CCAA28A1D4842D3585DD9C2B01502A4BE6664BDE2E965B15FCFEC981E85EED37C595CD6BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):28672
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:CF845A781C107EC1346E849C9DD1B7E8
                                                                    SHA1:B44CCC7F7D519352422E59EE8B0BDBAC881768A7
                                                                    SHA-256:18619B678A5C207A971A0AA931604F48162E307C57ECDEC450D5F095FE9F32C7
                                                                    SHA-512:4802861EA06DC7FB85229A3C8F04E707A084F1BA516510C6F269821B33C8EE4EBF495258FE5BEE4850668A5AAC1A45F0EDF51580DA13B7EE160A29D067C67612
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:76B973F7B910A22256212C63ADB7A103
                                                                    SHA1:2EAB7B3CF42E12BA5F1FF6AB512E4A105740F631
                                                                    SHA-256:96C94D0826105FE47C587FD79E8869CE5EDBFBACDDDAB9F4F30C5FECBA2CA6A3
                                                                    SHA-512:4C11351FE96BA26070E1B22230AA940BAFD2AA646960ED7A512F7398DAFE6FA2C029FE941F7EBF2C27C9D64957DC05DF66F5DB4365A9A8C6556216314FC12E95
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:AB893875D697A3145AF5EED5309BEE26
                                                                    SHA1:C90116149196CBF74FFB453ECB3B12945372EBFA
                                                                    SHA-256:02B1C2234680617802901A77EAE606AD02E4DDB4282CCBC60061EAC5B2D90BBA
                                                                    SHA-512:6B65C0A1956CE18DF2D271205F53274D2905C803D059A0801BF8331CCAA28A1D4842D3585DD9C2B01502A4BE6664BDE2E965B15FCFEC981E85EED37C595CD6BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:F4F35D60B3CC18AAA6D8D92F0CD3708A
                                                                    SHA1:6FECD5769C727E137B7580AE3B1823B06EE6F9D9
                                                                    SHA-256:2AAE7DC846AAF25F1CADF55F1666862046C6DB9D65D84BDC07FA039DAC405606
                                                                    SHA-512:A69E2DCE2F75771C63ACDA51E4AEECC95B00F65377E3026BAF93A6CFB936BF6F10CB320CC09B0E43EB7833D062B24EFC5932569A1826E55DBB736CCDA0BEB413
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):98304
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:0A9156C4E3C48EF827980639C4D1E263
                                                                    SHA1:9F13A523321C66208E90D45F87FA0CD9B370E111
                                                                    SHA-256:3A3ED164E42500A1C5B2D0093F0A813D27DC50D038F330CC100A7E70ECE2E6E4
                                                                    SHA-512:8A46C1B44C0EA338AFF0D2E2D07C34430B67B68B6D27E1ADB8CF216B0F0994172CED106A90283F2F0469B5CAA40ACEDF101D45729B823E5179EA55AC507E04AD
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):32768
                                                                    Entropy (8bit):0.017262956703125623
                                                                    Encrypted:false
                                                                    SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                    MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                    SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                    SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                    SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:F4F35D60B3CC18AAA6D8D92F0CD3708A
                                                                    SHA1:6FECD5769C727E137B7580AE3B1823B06EE6F9D9
                                                                    SHA-256:2AAE7DC846AAF25F1CADF55F1666862046C6DB9D65D84BDC07FA039DAC405606
                                                                    SHA-512:A69E2DCE2F75771C63ACDA51E4AEECC95B00F65377E3026BAF93A6CFB936BF6F10CB320CC09B0E43EB7833D062B24EFC5932569A1826E55DBB736CCDA0BEB413
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):98304
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:0A9156C4E3C48EF827980639C4D1E263
                                                                    SHA1:9F13A523321C66208E90D45F87FA0CD9B370E111
                                                                    SHA-256:3A3ED164E42500A1C5B2D0093F0A813D27DC50D038F330CC100A7E70ECE2E6E4
                                                                    SHA-512:8A46C1B44C0EA338AFF0D2E2D07C34430B67B68B6D27E1ADB8CF216B0F0994172CED106A90283F2F0469B5CAA40ACEDF101D45729B823E5179EA55AC507E04AD
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):32768
                                                                    Entropy (8bit):0.017262956703125623
                                                                    Encrypted:false
                                                                    SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                    MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                    SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                    SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                    SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:76B973F7B910A22256212C63ADB7A103
                                                                    SHA1:2EAB7B3CF42E12BA5F1FF6AB512E4A105740F631
                                                                    SHA-256:96C94D0826105FE47C587FD79E8869CE5EDBFBACDDDAB9F4F30C5FECBA2CA6A3
                                                                    SHA-512:4C11351FE96BA26070E1B22230AA940BAFD2AA646960ED7A512F7398DAFE6FA2C029FE941F7EBF2C27C9D64957DC05DF66F5DB4365A9A8C6556216314FC12E95
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:F4F35D60B3CC18AAA6D8D92F0CD3708A
                                                                    SHA1:6FECD5769C727E137B7580AE3B1823B06EE6F9D9
                                                                    SHA-256:2AAE7DC846AAF25F1CADF55F1666862046C6DB9D65D84BDC07FA039DAC405606
                                                                    SHA-512:A69E2DCE2F75771C63ACDA51E4AEECC95B00F65377E3026BAF93A6CFB936BF6F10CB320CC09B0E43EB7833D062B24EFC5932569A1826E55DBB736CCDA0BEB413
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):28672
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:CF845A781C107EC1346E849C9DD1B7E8
                                                                    SHA1:B44CCC7F7D519352422E59EE8B0BDBAC881768A7
                                                                    SHA-256:18619B678A5C207A971A0AA931604F48162E307C57ECDEC450D5F095FE9F32C7
                                                                    SHA-512:4802861EA06DC7FB85229A3C8F04E707A084F1BA516510C6F269821B33C8EE4EBF495258FE5BEE4850668A5AAC1A45F0EDF51580DA13B7EE160A29D067C67612
                                                                    Malicious:false
                                                                    Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):28672
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:CF845A781C107EC1346E849C9DD1B7E8
                                                                    SHA1:B44CCC7F7D519352422E59EE8B0BDBAC881768A7
                                                                    SHA-256:18619B678A5C207A971A0AA931604F48162E307C57ECDEC450D5F095FE9F32C7
                                                                    SHA-512:4802861EA06DC7FB85229A3C8F04E707A084F1BA516510C6F269821B33C8EE4EBF495258FE5BEE4850668A5AAC1A45F0EDF51580DA13B7EE160A29D067C67612
                                                                    Malicious:false
                                                                    Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):28672
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:CF845A781C107EC1346E849C9DD1B7E8
                                                                    SHA1:B44CCC7F7D519352422E59EE8B0BDBAC881768A7
                                                                    SHA-256:18619B678A5C207A971A0AA931604F48162E307C57ECDEC450D5F095FE9F32C7
                                                                    SHA-512:4802861EA06DC7FB85229A3C8F04E707A084F1BA516510C6F269821B33C8EE4EBF495258FE5BEE4850668A5AAC1A45F0EDF51580DA13B7EE160A29D067C67612
                                                                    Malicious:false
                                                                    Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:F4F35D60B3CC18AAA6D8D92F0CD3708A
                                                                    SHA1:6FECD5769C727E137B7580AE3B1823B06EE6F9D9
                                                                    SHA-256:2AAE7DC846AAF25F1CADF55F1666862046C6DB9D65D84BDC07FA039DAC405606
                                                                    SHA-512:A69E2DCE2F75771C63ACDA51E4AEECC95B00F65377E3026BAF93A6CFB936BF6F10CB320CC09B0E43EB7833D062B24EFC5932569A1826E55DBB736CCDA0BEB413
                                                                    Malicious:false
                                                                    Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:F4F35D60B3CC18AAA6D8D92F0CD3708A
                                                                    SHA1:6FECD5769C727E137B7580AE3B1823B06EE6F9D9
                                                                    SHA-256:2AAE7DC846AAF25F1CADF55F1666862046C6DB9D65D84BDC07FA039DAC405606
                                                                    SHA-512:A69E2DCE2F75771C63ACDA51E4AEECC95B00F65377E3026BAF93A6CFB936BF6F10CB320CC09B0E43EB7833D062B24EFC5932569A1826E55DBB736CCDA0BEB413
                                                                    Malicious:false
                                                                    Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:F4F35D60B3CC18AAA6D8D92F0CD3708A
                                                                    SHA1:6FECD5769C727E137B7580AE3B1823B06EE6F9D9
                                                                    SHA-256:2AAE7DC846AAF25F1CADF55F1666862046C6DB9D65D84BDC07FA039DAC405606
                                                                    SHA-512:A69E2DCE2F75771C63ACDA51E4AEECC95B00F65377E3026BAF93A6CFB936BF6F10CB320CC09B0E43EB7833D062B24EFC5932569A1826E55DBB736CCDA0BEB413
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:AB893875D697A3145AF5EED5309BEE26
                                                                    SHA1:C90116149196CBF74FFB453ECB3B12945372EBFA
                                                                    SHA-256:02B1C2234680617802901A77EAE606AD02E4DDB4282CCBC60061EAC5B2D90BBA
                                                                    SHA-512:6B65C0A1956CE18DF2D271205F53274D2905C803D059A0801BF8331CCAA28A1D4842D3585DD9C2B01502A4BE6664BDE2E965B15FCFEC981E85EED37C595CD6BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:76B973F7B910A22256212C63ADB7A103
                                                                    SHA1:2EAB7B3CF42E12BA5F1FF6AB512E4A105740F631
                                                                    SHA-256:96C94D0826105FE47C587FD79E8869CE5EDBFBACDDDAB9F4F30C5FECBA2CA6A3
                                                                    SHA-512:4C11351FE96BA26070E1B22230AA940BAFD2AA646960ED7A512F7398DAFE6FA2C029FE941F7EBF2C27C9D64957DC05DF66F5DB4365A9A8C6556216314FC12E95
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:76B973F7B910A22256212C63ADB7A103
                                                                    SHA1:2EAB7B3CF42E12BA5F1FF6AB512E4A105740F631
                                                                    SHA-256:96C94D0826105FE47C587FD79E8869CE5EDBFBACDDDAB9F4F30C5FECBA2CA6A3
                                                                    SHA-512:4C11351FE96BA26070E1B22230AA940BAFD2AA646960ED7A512F7398DAFE6FA2C029FE941F7EBF2C27C9D64957DC05DF66F5DB4365A9A8C6556216314FC12E95
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:F4F35D60B3CC18AAA6D8D92F0CD3708A
                                                                    SHA1:6FECD5769C727E137B7580AE3B1823B06EE6F9D9
                                                                    SHA-256:2AAE7DC846AAF25F1CADF55F1666862046C6DB9D65D84BDC07FA039DAC405606
                                                                    SHA-512:A69E2DCE2F75771C63ACDA51E4AEECC95B00F65377E3026BAF93A6CFB936BF6F10CB320CC09B0E43EB7833D062B24EFC5932569A1826E55DBB736CCDA0BEB413
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:AB893875D697A3145AF5EED5309BEE26
                                                                    SHA1:C90116149196CBF74FFB453ECB3B12945372EBFA
                                                                    SHA-256:02B1C2234680617802901A77EAE606AD02E4DDB4282CCBC60061EAC5B2D90BBA
                                                                    SHA-512:6B65C0A1956CE18DF2D271205F53274D2905C803D059A0801BF8331CCAA28A1D4842D3585DD9C2B01502A4BE6664BDE2E965B15FCFEC981E85EED37C595CD6BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:F4F35D60B3CC18AAA6D8D92F0CD3708A
                                                                    SHA1:6FECD5769C727E137B7580AE3B1823B06EE6F9D9
                                                                    SHA-256:2AAE7DC846AAF25F1CADF55F1666862046C6DB9D65D84BDC07FA039DAC405606
                                                                    SHA-512:A69E2DCE2F75771C63ACDA51E4AEECC95B00F65377E3026BAF93A6CFB936BF6F10CB320CC09B0E43EB7833D062B24EFC5932569A1826E55DBB736CCDA0BEB413
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:F4F35D60B3CC18AAA6D8D92F0CD3708A
                                                                    SHA1:6FECD5769C727E137B7580AE3B1823B06EE6F9D9
                                                                    SHA-256:2AAE7DC846AAF25F1CADF55F1666862046C6DB9D65D84BDC07FA039DAC405606
                                                                    SHA-512:A69E2DCE2F75771C63ACDA51E4AEECC95B00F65377E3026BAF93A6CFB936BF6F10CB320CC09B0E43EB7833D062B24EFC5932569A1826E55DBB736CCDA0BEB413
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):98304
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:0A9156C4E3C48EF827980639C4D1E263
                                                                    SHA1:9F13A523321C66208E90D45F87FA0CD9B370E111
                                                                    SHA-256:3A3ED164E42500A1C5B2D0093F0A813D27DC50D038F330CC100A7E70ECE2E6E4
                                                                    SHA-512:8A46C1B44C0EA338AFF0D2E2D07C34430B67B68B6D27E1ADB8CF216B0F0994172CED106A90283F2F0469B5CAA40ACEDF101D45729B823E5179EA55AC507E04AD
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):32768
                                                                    Entropy (8bit):0.017262956703125623
                                                                    Encrypted:false
                                                                    SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                    MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                    SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                    SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                    SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                    Malicious:false
                                                                    Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:AB893875D697A3145AF5EED5309BEE26
                                                                    SHA1:C90116149196CBF74FFB453ECB3B12945372EBFA
                                                                    SHA-256:02B1C2234680617802901A77EAE606AD02E4DDB4282CCBC60061EAC5B2D90BBA
                                                                    SHA-512:6B65C0A1956CE18DF2D271205F53274D2905C803D059A0801BF8331CCAA28A1D4842D3585DD9C2B01502A4BE6664BDE2E965B15FCFEC981E85EED37C595CD6BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):28672
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:CF845A781C107EC1346E849C9DD1B7E8
                                                                    SHA1:B44CCC7F7D519352422E59EE8B0BDBAC881768A7
                                                                    SHA-256:18619B678A5C207A971A0AA931604F48162E307C57ECDEC450D5F095FE9F32C7
                                                                    SHA-512:4802861EA06DC7FB85229A3C8F04E707A084F1BA516510C6F269821B33C8EE4EBF495258FE5BEE4850668A5AAC1A45F0EDF51580DA13B7EE160A29D067C67612
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:F4F35D60B3CC18AAA6D8D92F0CD3708A
                                                                    SHA1:6FECD5769C727E137B7580AE3B1823B06EE6F9D9
                                                                    SHA-256:2AAE7DC846AAF25F1CADF55F1666862046C6DB9D65D84BDC07FA039DAC405606
                                                                    SHA-512:A69E2DCE2F75771C63ACDA51E4AEECC95B00F65377E3026BAF93A6CFB936BF6F10CB320CC09B0E43EB7833D062B24EFC5932569A1826E55DBB736CCDA0BEB413
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):98304
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:0A9156C4E3C48EF827980639C4D1E263
                                                                    SHA1:9F13A523321C66208E90D45F87FA0CD9B370E111
                                                                    SHA-256:3A3ED164E42500A1C5B2D0093F0A813D27DC50D038F330CC100A7E70ECE2E6E4
                                                                    SHA-512:8A46C1B44C0EA338AFF0D2E2D07C34430B67B68B6D27E1ADB8CF216B0F0994172CED106A90283F2F0469B5CAA40ACEDF101D45729B823E5179EA55AC507E04AD
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):32768
                                                                    Entropy (8bit):0.017262956703125623
                                                                    Encrypted:false
                                                                    SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                    MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                    SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                    SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                    SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                    Malicious:false
                                                                    Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):98304
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:0A9156C4E3C48EF827980639C4D1E263
                                                                    SHA1:9F13A523321C66208E90D45F87FA0CD9B370E111
                                                                    SHA-256:3A3ED164E42500A1C5B2D0093F0A813D27DC50D038F330CC100A7E70ECE2E6E4
                                                                    SHA-512:8A46C1B44C0EA338AFF0D2E2D07C34430B67B68B6D27E1ADB8CF216B0F0994172CED106A90283F2F0469B5CAA40ACEDF101D45729B823E5179EA55AC507E04AD
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):32768
                                                                    Entropy (8bit):0.017262956703125623
                                                                    Encrypted:false
                                                                    SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                    MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                    SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                    SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                    SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                    Malicious:false
                                                                    Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):28672
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:CF845A781C107EC1346E849C9DD1B7E8
                                                                    SHA1:B44CCC7F7D519352422E59EE8B0BDBAC881768A7
                                                                    SHA-256:18619B678A5C207A971A0AA931604F48162E307C57ECDEC450D5F095FE9F32C7
                                                                    SHA-512:4802861EA06DC7FB85229A3C8F04E707A084F1BA516510C6F269821B33C8EE4EBF495258FE5BEE4850668A5AAC1A45F0EDF51580DA13B7EE160A29D067C67612
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:F4F35D60B3CC18AAA6D8D92F0CD3708A
                                                                    SHA1:6FECD5769C727E137B7580AE3B1823B06EE6F9D9
                                                                    SHA-256:2AAE7DC846AAF25F1CADF55F1666862046C6DB9D65D84BDC07FA039DAC405606
                                                                    SHA-512:A69E2DCE2F75771C63ACDA51E4AEECC95B00F65377E3026BAF93A6CFB936BF6F10CB320CC09B0E43EB7833D062B24EFC5932569A1826E55DBB736CCDA0BEB413
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:F4F35D60B3CC18AAA6D8D92F0CD3708A
                                                                    SHA1:6FECD5769C727E137B7580AE3B1823B06EE6F9D9
                                                                    SHA-256:2AAE7DC846AAF25F1CADF55F1666862046C6DB9D65D84BDC07FA039DAC405606
                                                                    SHA-512:A69E2DCE2F75771C63ACDA51E4AEECC95B00F65377E3026BAF93A6CFB936BF6F10CB320CC09B0E43EB7833D062B24EFC5932569A1826E55DBB736CCDA0BEB413
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:F4F35D60B3CC18AAA6D8D92F0CD3708A
                                                                    SHA1:6FECD5769C727E137B7580AE3B1823B06EE6F9D9
                                                                    SHA-256:2AAE7DC846AAF25F1CADF55F1666862046C6DB9D65D84BDC07FA039DAC405606
                                                                    SHA-512:A69E2DCE2F75771C63ACDA51E4AEECC95B00F65377E3026BAF93A6CFB936BF6F10CB320CC09B0E43EB7833D062B24EFC5932569A1826E55DBB736CCDA0BEB413
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:AB893875D697A3145AF5EED5309BEE26
                                                                    SHA1:C90116149196CBF74FFB453ECB3B12945372EBFA
                                                                    SHA-256:02B1C2234680617802901A77EAE606AD02E4DDB4282CCBC60061EAC5B2D90BBA
                                                                    SHA-512:6B65C0A1956CE18DF2D271205F53274D2905C803D059A0801BF8331CCAA28A1D4842D3585DD9C2B01502A4BE6664BDE2E965B15FCFEC981E85EED37C595CD6BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:F4F35D60B3CC18AAA6D8D92F0CD3708A
                                                                    SHA1:6FECD5769C727E137B7580AE3B1823B06EE6F9D9
                                                                    SHA-256:2AAE7DC846AAF25F1CADF55F1666862046C6DB9D65D84BDC07FA039DAC405606
                                                                    SHA-512:A69E2DCE2F75771C63ACDA51E4AEECC95B00F65377E3026BAF93A6CFB936BF6F10CB320CC09B0E43EB7833D062B24EFC5932569A1826E55DBB736CCDA0BEB413
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):28672
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:CF845A781C107EC1346E849C9DD1B7E8
                                                                    SHA1:B44CCC7F7D519352422E59EE8B0BDBAC881768A7
                                                                    SHA-256:18619B678A5C207A971A0AA931604F48162E307C57ECDEC450D5F095FE9F32C7
                                                                    SHA-512:4802861EA06DC7FB85229A3C8F04E707A084F1BA516510C6F269821B33C8EE4EBF495258FE5BEE4850668A5AAC1A45F0EDF51580DA13B7EE160A29D067C67612
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:76B973F7B910A22256212C63ADB7A103
                                                                    SHA1:2EAB7B3CF42E12BA5F1FF6AB512E4A105740F631
                                                                    SHA-256:96C94D0826105FE47C587FD79E8869CE5EDBFBACDDDAB9F4F30C5FECBA2CA6A3
                                                                    SHA-512:4C11351FE96BA26070E1B22230AA940BAFD2AA646960ED7A512F7398DAFE6FA2C029FE941F7EBF2C27C9D64957DC05DF66F5DB4365A9A8C6556216314FC12E95
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:AB893875D697A3145AF5EED5309BEE26
                                                                    SHA1:C90116149196CBF74FFB453ECB3B12945372EBFA
                                                                    SHA-256:02B1C2234680617802901A77EAE606AD02E4DDB4282CCBC60061EAC5B2D90BBA
                                                                    SHA-512:6B65C0A1956CE18DF2D271205F53274D2905C803D059A0801BF8331CCAA28A1D4842D3585DD9C2B01502A4BE6664BDE2E965B15FCFEC981E85EED37C595CD6BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):28672
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:CF845A781C107EC1346E849C9DD1B7E8
                                                                    SHA1:B44CCC7F7D519352422E59EE8B0BDBAC881768A7
                                                                    SHA-256:18619B678A5C207A971A0AA931604F48162E307C57ECDEC450D5F095FE9F32C7
                                                                    SHA-512:4802861EA06DC7FB85229A3C8F04E707A084F1BA516510C6F269821B33C8EE4EBF495258FE5BEE4850668A5AAC1A45F0EDF51580DA13B7EE160A29D067C67612
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:AB893875D697A3145AF5EED5309BEE26
                                                                    SHA1:C90116149196CBF74FFB453ECB3B12945372EBFA
                                                                    SHA-256:02B1C2234680617802901A77EAE606AD02E4DDB4282CCBC60061EAC5B2D90BBA
                                                                    SHA-512:6B65C0A1956CE18DF2D271205F53274D2905C803D059A0801BF8331CCAA28A1D4842D3585DD9C2B01502A4BE6664BDE2E965B15FCFEC981E85EED37C595CD6BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:F4F35D60B3CC18AAA6D8D92F0CD3708A
                                                                    SHA1:6FECD5769C727E137B7580AE3B1823B06EE6F9D9
                                                                    SHA-256:2AAE7DC846AAF25F1CADF55F1666862046C6DB9D65D84BDC07FA039DAC405606
                                                                    SHA-512:A69E2DCE2F75771C63ACDA51E4AEECC95B00F65377E3026BAF93A6CFB936BF6F10CB320CC09B0E43EB7833D062B24EFC5932569A1826E55DBB736CCDA0BEB413
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):98304
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:0A9156C4E3C48EF827980639C4D1E263
                                                                    SHA1:9F13A523321C66208E90D45F87FA0CD9B370E111
                                                                    SHA-256:3A3ED164E42500A1C5B2D0093F0A813D27DC50D038F330CC100A7E70ECE2E6E4
                                                                    SHA-512:8A46C1B44C0EA338AFF0D2E2D07C34430B67B68B6D27E1ADB8CF216B0F0994172CED106A90283F2F0469B5CAA40ACEDF101D45729B823E5179EA55AC507E04AD
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):32768
                                                                    Entropy (8bit):0.017262956703125623
                                                                    Encrypted:false
                                                                    SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                    MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                    SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                    SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                    SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:AB893875D697A3145AF5EED5309BEE26
                                                                    SHA1:C90116149196CBF74FFB453ECB3B12945372EBFA
                                                                    SHA-256:02B1C2234680617802901A77EAE606AD02E4DDB4282CCBC60061EAC5B2D90BBA
                                                                    SHA-512:6B65C0A1956CE18DF2D271205F53274D2905C803D059A0801BF8331CCAA28A1D4842D3585DD9C2B01502A4BE6664BDE2E965B15FCFEC981E85EED37C595CD6BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):28672
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:CF845A781C107EC1346E849C9DD1B7E8
                                                                    SHA1:B44CCC7F7D519352422E59EE8B0BDBAC881768A7
                                                                    SHA-256:18619B678A5C207A971A0AA931604F48162E307C57ECDEC450D5F095FE9F32C7
                                                                    SHA-512:4802861EA06DC7FB85229A3C8F04E707A084F1BA516510C6F269821B33C8EE4EBF495258FE5BEE4850668A5AAC1A45F0EDF51580DA13B7EE160A29D067C67612
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):98304
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:0A9156C4E3C48EF827980639C4D1E263
                                                                    SHA1:9F13A523321C66208E90D45F87FA0CD9B370E111
                                                                    SHA-256:3A3ED164E42500A1C5B2D0093F0A813D27DC50D038F330CC100A7E70ECE2E6E4
                                                                    SHA-512:8A46C1B44C0EA338AFF0D2E2D07C34430B67B68B6D27E1ADB8CF216B0F0994172CED106A90283F2F0469B5CAA40ACEDF101D45729B823E5179EA55AC507E04AD
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):32768
                                                                    Entropy (8bit):0.017262956703125623
                                                                    Encrypted:false
                                                                    SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                    MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                    SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                    SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                    SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:76B973F7B910A22256212C63ADB7A103
                                                                    SHA1:2EAB7B3CF42E12BA5F1FF6AB512E4A105740F631
                                                                    SHA-256:96C94D0826105FE47C587FD79E8869CE5EDBFBACDDDAB9F4F30C5FECBA2CA6A3
                                                                    SHA-512:4C11351FE96BA26070E1B22230AA940BAFD2AA646960ED7A512F7398DAFE6FA2C029FE941F7EBF2C27C9D64957DC05DF66F5DB4365A9A8C6556216314FC12E95
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):28672
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:CF845A781C107EC1346E849C9DD1B7E8
                                                                    SHA1:B44CCC7F7D519352422E59EE8B0BDBAC881768A7
                                                                    SHA-256:18619B678A5C207A971A0AA931604F48162E307C57ECDEC450D5F095FE9F32C7
                                                                    SHA-512:4802861EA06DC7FB85229A3C8F04E707A084F1BA516510C6F269821B33C8EE4EBF495258FE5BEE4850668A5AAC1A45F0EDF51580DA13B7EE160A29D067C67612
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):28672
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:CF845A781C107EC1346E849C9DD1B7E8
                                                                    SHA1:B44CCC7F7D519352422E59EE8B0BDBAC881768A7
                                                                    SHA-256:18619B678A5C207A971A0AA931604F48162E307C57ECDEC450D5F095FE9F32C7
                                                                    SHA-512:4802861EA06DC7FB85229A3C8F04E707A084F1BA516510C6F269821B33C8EE4EBF495258FE5BEE4850668A5AAC1A45F0EDF51580DA13B7EE160A29D067C67612
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:F4F35D60B3CC18AAA6D8D92F0CD3708A
                                                                    SHA1:6FECD5769C727E137B7580AE3B1823B06EE6F9D9
                                                                    SHA-256:2AAE7DC846AAF25F1CADF55F1666862046C6DB9D65D84BDC07FA039DAC405606
                                                                    SHA-512:A69E2DCE2F75771C63ACDA51E4AEECC95B00F65377E3026BAF93A6CFB936BF6F10CB320CC09B0E43EB7833D062B24EFC5932569A1826E55DBB736CCDA0BEB413
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:F4F35D60B3CC18AAA6D8D92F0CD3708A
                                                                    SHA1:6FECD5769C727E137B7580AE3B1823B06EE6F9D9
                                                                    SHA-256:2AAE7DC846AAF25F1CADF55F1666862046C6DB9D65D84BDC07FA039DAC405606
                                                                    SHA-512:A69E2DCE2F75771C63ACDA51E4AEECC95B00F65377E3026BAF93A6CFB936BF6F10CB320CC09B0E43EB7833D062B24EFC5932569A1826E55DBB736CCDA0BEB413
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:76B973F7B910A22256212C63ADB7A103
                                                                    SHA1:2EAB7B3CF42E12BA5F1FF6AB512E4A105740F631
                                                                    SHA-256:96C94D0826105FE47C587FD79E8869CE5EDBFBACDDDAB9F4F30C5FECBA2CA6A3
                                                                    SHA-512:4C11351FE96BA26070E1B22230AA940BAFD2AA646960ED7A512F7398DAFE6FA2C029FE941F7EBF2C27C9D64957DC05DF66F5DB4365A9A8C6556216314FC12E95
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:modified
                                                                    Size (bytes):28672
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:CF845A781C107EC1346E849C9DD1B7E8
                                                                    SHA1:B44CCC7F7D519352422E59EE8B0BDBAC881768A7
                                                                    SHA-256:18619B678A5C207A971A0AA931604F48162E307C57ECDEC450D5F095FE9F32C7
                                                                    SHA-512:4802861EA06DC7FB85229A3C8F04E707A084F1BA516510C6F269821B33C8EE4EBF495258FE5BEE4850668A5AAC1A45F0EDF51580DA13B7EE160A29D067C67612
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):28672
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:CF845A781C107EC1346E849C9DD1B7E8
                                                                    SHA1:B44CCC7F7D519352422E59EE8B0BDBAC881768A7
                                                                    SHA-256:18619B678A5C207A971A0AA931604F48162E307C57ECDEC450D5F095FE9F32C7
                                                                    SHA-512:4802861EA06DC7FB85229A3C8F04E707A084F1BA516510C6F269821B33C8EE4EBF495258FE5BEE4850668A5AAC1A45F0EDF51580DA13B7EE160A29D067C67612
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:76B973F7B910A22256212C63ADB7A103
                                                                    SHA1:2EAB7B3CF42E12BA5F1FF6AB512E4A105740F631
                                                                    SHA-256:96C94D0826105FE47C587FD79E8869CE5EDBFBACDDDAB9F4F30C5FECBA2CA6A3
                                                                    SHA-512:4C11351FE96BA26070E1B22230AA940BAFD2AA646960ED7A512F7398DAFE6FA2C029FE941F7EBF2C27C9D64957DC05DF66F5DB4365A9A8C6556216314FC12E95
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):28672
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:CF845A781C107EC1346E849C9DD1B7E8
                                                                    SHA1:B44CCC7F7D519352422E59EE8B0BDBAC881768A7
                                                                    SHA-256:18619B678A5C207A971A0AA931604F48162E307C57ECDEC450D5F095FE9F32C7
                                                                    SHA-512:4802861EA06DC7FB85229A3C8F04E707A084F1BA516510C6F269821B33C8EE4EBF495258FE5BEE4850668A5AAC1A45F0EDF51580DA13B7EE160A29D067C67612
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):98304
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:0A9156C4E3C48EF827980639C4D1E263
                                                                    SHA1:9F13A523321C66208E90D45F87FA0CD9B370E111
                                                                    SHA-256:3A3ED164E42500A1C5B2D0093F0A813D27DC50D038F330CC100A7E70ECE2E6E4
                                                                    SHA-512:8A46C1B44C0EA338AFF0D2E2D07C34430B67B68B6D27E1ADB8CF216B0F0994172CED106A90283F2F0469B5CAA40ACEDF101D45729B823E5179EA55AC507E04AD
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):32768
                                                                    Entropy (8bit):0.017262956703125623
                                                                    Encrypted:false
                                                                    SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                    MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                    SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                    SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                    SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:F4F35D60B3CC18AAA6D8D92F0CD3708A
                                                                    SHA1:6FECD5769C727E137B7580AE3B1823B06EE6F9D9
                                                                    SHA-256:2AAE7DC846AAF25F1CADF55F1666862046C6DB9D65D84BDC07FA039DAC405606
                                                                    SHA-512:A69E2DCE2F75771C63ACDA51E4AEECC95B00F65377E3026BAF93A6CFB936BF6F10CB320CC09B0E43EB7833D062B24EFC5932569A1826E55DBB736CCDA0BEB413
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:AB893875D697A3145AF5EED5309BEE26
                                                                    SHA1:C90116149196CBF74FFB453ECB3B12945372EBFA
                                                                    SHA-256:02B1C2234680617802901A77EAE606AD02E4DDB4282CCBC60061EAC5B2D90BBA
                                                                    SHA-512:6B65C0A1956CE18DF2D271205F53274D2905C803D059A0801BF8331CCAA28A1D4842D3585DD9C2B01502A4BE6664BDE2E965B15FCFEC981E85EED37C595CD6BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:76B973F7B910A22256212C63ADB7A103
                                                                    SHA1:2EAB7B3CF42E12BA5F1FF6AB512E4A105740F631
                                                                    SHA-256:96C94D0826105FE47C587FD79E8869CE5EDBFBACDDDAB9F4F30C5FECBA2CA6A3
                                                                    SHA-512:4C11351FE96BA26070E1B22230AA940BAFD2AA646960ED7A512F7398DAFE6FA2C029FE941F7EBF2C27C9D64957DC05DF66F5DB4365A9A8C6556216314FC12E95
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:F4F35D60B3CC18AAA6D8D92F0CD3708A
                                                                    SHA1:6FECD5769C727E137B7580AE3B1823B06EE6F9D9
                                                                    SHA-256:2AAE7DC846AAF25F1CADF55F1666862046C6DB9D65D84BDC07FA039DAC405606
                                                                    SHA-512:A69E2DCE2F75771C63ACDA51E4AEECC95B00F65377E3026BAF93A6CFB936BF6F10CB320CC09B0E43EB7833D062B24EFC5932569A1826E55DBB736CCDA0BEB413
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:AB893875D697A3145AF5EED5309BEE26
                                                                    SHA1:C90116149196CBF74FFB453ECB3B12945372EBFA
                                                                    SHA-256:02B1C2234680617802901A77EAE606AD02E4DDB4282CCBC60061EAC5B2D90BBA
                                                                    SHA-512:6B65C0A1956CE18DF2D271205F53274D2905C803D059A0801BF8331CCAA28A1D4842D3585DD9C2B01502A4BE6664BDE2E965B15FCFEC981E85EED37C595CD6BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\UFh7A8CImG.exe
                                                                    File Type:7-zip archive data, version 0.4
                                                                    Category:dropped
                                                                    Size (bytes):10028649
                                                                    Entropy (8bit):7.999981396149042
                                                                    Encrypted:true
                                                                    SSDEEP:196608:Q3QvAaLnTOqmEAnUdQr5BUMpDUIWYlSfA3NJ4FiyveVqAmuISyRAh1:QuGquaQzpAIvMA3Ng2fm7Sph1
                                                                    MD5:56609925D59CED6B18DBE34DC5564E52
                                                                    SHA1:4B40E23CDB9DDE200DD59AE6FEE1A28D0C252846
                                                                    SHA-256:E6D229E3AADAEF813272FF69F738FC7FEE0EB30188639C30D5634881E854B311
                                                                    SHA-512:81CC7A87015237F35F059C06E99A8E07711F40D480721BD38FE4A491CEB61354CC59F294C8A07D03526B6A9DE96D6D56C1EE2E7D7D21B9EA52030B560A9C1696
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):98304
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:0A9156C4E3C48EF827980639C4D1E263
                                                                    SHA1:9F13A523321C66208E90D45F87FA0CD9B370E111
                                                                    SHA-256:3A3ED164E42500A1C5B2D0093F0A813D27DC50D038F330CC100A7E70ECE2E6E4
                                                                    SHA-512:8A46C1B44C0EA338AFF0D2E2D07C34430B67B68B6D27E1ADB8CF216B0F0994172CED106A90283F2F0469B5CAA40ACEDF101D45729B823E5179EA55AC507E04AD
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):32768
                                                                    Entropy (8bit):0.017262956703125623
                                                                    Encrypted:false
                                                                    SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                    MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                    SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                    SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                    SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):98304
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:0A9156C4E3C48EF827980639C4D1E263
                                                                    SHA1:9F13A523321C66208E90D45F87FA0CD9B370E111
                                                                    SHA-256:3A3ED164E42500A1C5B2D0093F0A813D27DC50D038F330CC100A7E70ECE2E6E4
                                                                    SHA-512:8A46C1B44C0EA338AFF0D2E2D07C34430B67B68B6D27E1ADB8CF216B0F0994172CED106A90283F2F0469B5CAA40ACEDF101D45729B823E5179EA55AC507E04AD
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):32768
                                                                    Entropy (8bit):0.017262956703125623
                                                                    Encrypted:false
                                                                    SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                    MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                    SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                    SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                    SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:F4F35D60B3CC18AAA6D8D92F0CD3708A
                                                                    SHA1:6FECD5769C727E137B7580AE3B1823B06EE6F9D9
                                                                    SHA-256:2AAE7DC846AAF25F1CADF55F1666862046C6DB9D65D84BDC07FA039DAC405606
                                                                    SHA-512:A69E2DCE2F75771C63ACDA51E4AEECC95B00F65377E3026BAF93A6CFB936BF6F10CB320CC09B0E43EB7833D062B24EFC5932569A1826E55DBB736CCDA0BEB413
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:76B973F7B910A22256212C63ADB7A103
                                                                    SHA1:2EAB7B3CF42E12BA5F1FF6AB512E4A105740F631
                                                                    SHA-256:96C94D0826105FE47C587FD79E8869CE5EDBFBACDDDAB9F4F30C5FECBA2CA6A3
                                                                    SHA-512:4C11351FE96BA26070E1B22230AA940BAFD2AA646960ED7A512F7398DAFE6FA2C029FE941F7EBF2C27C9D64957DC05DF66F5DB4365A9A8C6556216314FC12E95
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):28672
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:CF845A781C107EC1346E849C9DD1B7E8
                                                                    SHA1:B44CCC7F7D519352422E59EE8B0BDBAC881768A7
                                                                    SHA-256:18619B678A5C207A971A0AA931604F48162E307C57ECDEC450D5F095FE9F32C7
                                                                    SHA-512:4802861EA06DC7FB85229A3C8F04E707A084F1BA516510C6F269821B33C8EE4EBF495258FE5BEE4850668A5AAC1A45F0EDF51580DA13B7EE160A29D067C67612
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):28672
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:CF845A781C107EC1346E849C9DD1B7E8
                                                                    SHA1:B44CCC7F7D519352422E59EE8B0BDBAC881768A7
                                                                    SHA-256:18619B678A5C207A971A0AA931604F48162E307C57ECDEC450D5F095FE9F32C7
                                                                    SHA-512:4802861EA06DC7FB85229A3C8F04E707A084F1BA516510C6F269821B33C8EE4EBF495258FE5BEE4850668A5AAC1A45F0EDF51580DA13B7EE160A29D067C67612
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):98304
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:0A9156C4E3C48EF827980639C4D1E263
                                                                    SHA1:9F13A523321C66208E90D45F87FA0CD9B370E111
                                                                    SHA-256:3A3ED164E42500A1C5B2D0093F0A813D27DC50D038F330CC100A7E70ECE2E6E4
                                                                    SHA-512:8A46C1B44C0EA338AFF0D2E2D07C34430B67B68B6D27E1ADB8CF216B0F0994172CED106A90283F2F0469B5CAA40ACEDF101D45729B823E5179EA55AC507E04AD
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):32768
                                                                    Entropy (8bit):0.017262956703125623
                                                                    Encrypted:false
                                                                    SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                    MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                    SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                    SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                    SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:AB893875D697A3145AF5EED5309BEE26
                                                                    SHA1:C90116149196CBF74FFB453ECB3B12945372EBFA
                                                                    SHA-256:02B1C2234680617802901A77EAE606AD02E4DDB4282CCBC60061EAC5B2D90BBA
                                                                    SHA-512:6B65C0A1956CE18DF2D271205F53274D2905C803D059A0801BF8331CCAA28A1D4842D3585DD9C2B01502A4BE6664BDE2E965B15FCFEC981E85EED37C595CD6BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:F4F35D60B3CC18AAA6D8D92F0CD3708A
                                                                    SHA1:6FECD5769C727E137B7580AE3B1823B06EE6F9D9
                                                                    SHA-256:2AAE7DC846AAF25F1CADF55F1666862046C6DB9D65D84BDC07FA039DAC405606
                                                                    SHA-512:A69E2DCE2F75771C63ACDA51E4AEECC95B00F65377E3026BAF93A6CFB936BF6F10CB320CC09B0E43EB7833D062B24EFC5932569A1826E55DBB736CCDA0BEB413
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:AB893875D697A3145AF5EED5309BEE26
                                                                    SHA1:C90116149196CBF74FFB453ECB3B12945372EBFA
                                                                    SHA-256:02B1C2234680617802901A77EAE606AD02E4DDB4282CCBC60061EAC5B2D90BBA
                                                                    SHA-512:6B65C0A1956CE18DF2D271205F53274D2905C803D059A0801BF8331CCAA28A1D4842D3585DD9C2B01502A4BE6664BDE2E965B15FCFEC981E85EED37C595CD6BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):98304
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:0A9156C4E3C48EF827980639C4D1E263
                                                                    SHA1:9F13A523321C66208E90D45F87FA0CD9B370E111
                                                                    SHA-256:3A3ED164E42500A1C5B2D0093F0A813D27DC50D038F330CC100A7E70ECE2E6E4
                                                                    SHA-512:8A46C1B44C0EA338AFF0D2E2D07C34430B67B68B6D27E1ADB8CF216B0F0994172CED106A90283F2F0469B5CAA40ACEDF101D45729B823E5179EA55AC507E04AD
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):32768
                                                                    Entropy (8bit):0.017262956703125623
                                                                    Encrypted:false
                                                                    SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                    MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                    SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                    SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                    SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:AB893875D697A3145AF5EED5309BEE26
                                                                    SHA1:C90116149196CBF74FFB453ECB3B12945372EBFA
                                                                    SHA-256:02B1C2234680617802901A77EAE606AD02E4DDB4282CCBC60061EAC5B2D90BBA
                                                                    SHA-512:6B65C0A1956CE18DF2D271205F53274D2905C803D059A0801BF8331CCAA28A1D4842D3585DD9C2B01502A4BE6664BDE2E965B15FCFEC981E85EED37C595CD6BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:F4F35D60B3CC18AAA6D8D92F0CD3708A
                                                                    SHA1:6FECD5769C727E137B7580AE3B1823B06EE6F9D9
                                                                    SHA-256:2AAE7DC846AAF25F1CADF55F1666862046C6DB9D65D84BDC07FA039DAC405606
                                                                    SHA-512:A69E2DCE2F75771C63ACDA51E4AEECC95B00F65377E3026BAF93A6CFB936BF6F10CB320CC09B0E43EB7833D062B24EFC5932569A1826E55DBB736CCDA0BEB413
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):28672
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:CF845A781C107EC1346E849C9DD1B7E8
                                                                    SHA1:B44CCC7F7D519352422E59EE8B0BDBAC881768A7
                                                                    SHA-256:18619B678A5C207A971A0AA931604F48162E307C57ECDEC450D5F095FE9F32C7
                                                                    SHA-512:4802861EA06DC7FB85229A3C8F04E707A084F1BA516510C6F269821B33C8EE4EBF495258FE5BEE4850668A5AAC1A45F0EDF51580DA13B7EE160A29D067C67612
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:76B973F7B910A22256212C63ADB7A103
                                                                    SHA1:2EAB7B3CF42E12BA5F1FF6AB512E4A105740F631
                                                                    SHA-256:96C94D0826105FE47C587FD79E8869CE5EDBFBACDDDAB9F4F30C5FECBA2CA6A3
                                                                    SHA-512:4C11351FE96BA26070E1B22230AA940BAFD2AA646960ED7A512F7398DAFE6FA2C029FE941F7EBF2C27C9D64957DC05DF66F5DB4365A9A8C6556216314FC12E95
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:76B973F7B910A22256212C63ADB7A103
                                                                    SHA1:2EAB7B3CF42E12BA5F1FF6AB512E4A105740F631
                                                                    SHA-256:96C94D0826105FE47C587FD79E8869CE5EDBFBACDDDAB9F4F30C5FECBA2CA6A3
                                                                    SHA-512:4C11351FE96BA26070E1B22230AA940BAFD2AA646960ED7A512F7398DAFE6FA2C029FE941F7EBF2C27C9D64957DC05DF66F5DB4365A9A8C6556216314FC12E95
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:76B973F7B910A22256212C63ADB7A103
                                                                    SHA1:2EAB7B3CF42E12BA5F1FF6AB512E4A105740F631
                                                                    SHA-256:96C94D0826105FE47C587FD79E8869CE5EDBFBACDDDAB9F4F30C5FECBA2CA6A3
                                                                    SHA-512:4C11351FE96BA26070E1B22230AA940BAFD2AA646960ED7A512F7398DAFE6FA2C029FE941F7EBF2C27C9D64957DC05DF66F5DB4365A9A8C6556216314FC12E95
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):98304
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:0A9156C4E3C48EF827980639C4D1E263
                                                                    SHA1:9F13A523321C66208E90D45F87FA0CD9B370E111
                                                                    SHA-256:3A3ED164E42500A1C5B2D0093F0A813D27DC50D038F330CC100A7E70ECE2E6E4
                                                                    SHA-512:8A46C1B44C0EA338AFF0D2E2D07C34430B67B68B6D27E1ADB8CF216B0F0994172CED106A90283F2F0469B5CAA40ACEDF101D45729B823E5179EA55AC507E04AD
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):32768
                                                                    Entropy (8bit):0.017262956703125623
                                                                    Encrypted:false
                                                                    SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                    MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                    SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                    SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                    SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:F4F35D60B3CC18AAA6D8D92F0CD3708A
                                                                    SHA1:6FECD5769C727E137B7580AE3B1823B06EE6F9D9
                                                                    SHA-256:2AAE7DC846AAF25F1CADF55F1666862046C6DB9D65D84BDC07FA039DAC405606
                                                                    SHA-512:A69E2DCE2F75771C63ACDA51E4AEECC95B00F65377E3026BAF93A6CFB936BF6F10CB320CC09B0E43EB7833D062B24EFC5932569A1826E55DBB736CCDA0BEB413
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:AB893875D697A3145AF5EED5309BEE26
                                                                    SHA1:C90116149196CBF74FFB453ECB3B12945372EBFA
                                                                    SHA-256:02B1C2234680617802901A77EAE606AD02E4DDB4282CCBC60061EAC5B2D90BBA
                                                                    SHA-512:6B65C0A1956CE18DF2D271205F53274D2905C803D059A0801BF8331CCAA28A1D4842D3585DD9C2B01502A4BE6664BDE2E965B15FCFEC981E85EED37C595CD6BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:76B973F7B910A22256212C63ADB7A103
                                                                    SHA1:2EAB7B3CF42E12BA5F1FF6AB512E4A105740F631
                                                                    SHA-256:96C94D0826105FE47C587FD79E8869CE5EDBFBACDDDAB9F4F30C5FECBA2CA6A3
                                                                    SHA-512:4C11351FE96BA26070E1B22230AA940BAFD2AA646960ED7A512F7398DAFE6FA2C029FE941F7EBF2C27C9D64957DC05DF66F5DB4365A9A8C6556216314FC12E95
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):28672
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:CF845A781C107EC1346E849C9DD1B7E8
                                                                    SHA1:B44CCC7F7D519352422E59EE8B0BDBAC881768A7
                                                                    SHA-256:18619B678A5C207A971A0AA931604F48162E307C57ECDEC450D5F095FE9F32C7
                                                                    SHA-512:4802861EA06DC7FB85229A3C8F04E707A084F1BA516510C6F269821B33C8EE4EBF495258FE5BEE4850668A5AAC1A45F0EDF51580DA13B7EE160A29D067C67612
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):28672
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:CF845A781C107EC1346E849C9DD1B7E8
                                                                    SHA1:B44CCC7F7D519352422E59EE8B0BDBAC881768A7
                                                                    SHA-256:18619B678A5C207A971A0AA931604F48162E307C57ECDEC450D5F095FE9F32C7
                                                                    SHA-512:4802861EA06DC7FB85229A3C8F04E707A084F1BA516510C6F269821B33C8EE4EBF495258FE5BEE4850668A5AAC1A45F0EDF51580DA13B7EE160A29D067C67612
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:76B973F7B910A22256212C63ADB7A103
                                                                    SHA1:2EAB7B3CF42E12BA5F1FF6AB512E4A105740F631
                                                                    SHA-256:96C94D0826105FE47C587FD79E8869CE5EDBFBACDDDAB9F4F30C5FECBA2CA6A3
                                                                    SHA-512:4C11351FE96BA26070E1B22230AA940BAFD2AA646960ED7A512F7398DAFE6FA2C029FE941F7EBF2C27C9D64957DC05DF66F5DB4365A9A8C6556216314FC12E95
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:76B973F7B910A22256212C63ADB7A103
                                                                    SHA1:2EAB7B3CF42E12BA5F1FF6AB512E4A105740F631
                                                                    SHA-256:96C94D0826105FE47C587FD79E8869CE5EDBFBACDDDAB9F4F30C5FECBA2CA6A3
                                                                    SHA-512:4C11351FE96BA26070E1B22230AA940BAFD2AA646960ED7A512F7398DAFE6FA2C029FE941F7EBF2C27C9D64957DC05DF66F5DB4365A9A8C6556216314FC12E95
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):49152
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:F4F35D60B3CC18AAA6D8D92F0CD3708A
                                                                    SHA1:6FECD5769C727E137B7580AE3B1823B06EE6F9D9
                                                                    SHA-256:2AAE7DC846AAF25F1CADF55F1666862046C6DB9D65D84BDC07FA039DAC405606
                                                                    SHA-512:A69E2DCE2F75771C63ACDA51E4AEECC95B00F65377E3026BAF93A6CFB936BF6F10CB320CC09B0E43EB7833D062B24EFC5932569A1826E55DBB736CCDA0BEB413
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:AB893875D697A3145AF5EED5309BEE26
                                                                    SHA1:C90116149196CBF74FFB453ECB3B12945372EBFA
                                                                    SHA-256:02B1C2234680617802901A77EAE606AD02E4DDB4282CCBC60061EAC5B2D90BBA
                                                                    SHA-512:6B65C0A1956CE18DF2D271205F53274D2905C803D059A0801BF8331CCAA28A1D4842D3585DD9C2B01502A4BE6664BDE2E965B15FCFEC981E85EED37C595CD6BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):28672
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:CF845A781C107EC1346E849C9DD1B7E8
                                                                    SHA1:B44CCC7F7D519352422E59EE8B0BDBAC881768A7
                                                                    SHA-256:18619B678A5C207A971A0AA931604F48162E307C57ECDEC450D5F095FE9F32C7
                                                                    SHA-512:4802861EA06DC7FB85229A3C8F04E707A084F1BA516510C6F269821B33C8EE4EBF495258FE5BEE4850668A5AAC1A45F0EDF51580DA13B7EE160A29D067C67612
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:AB893875D697A3145AF5EED5309BEE26
                                                                    SHA1:C90116149196CBF74FFB453ECB3B12945372EBFA
                                                                    SHA-256:02B1C2234680617802901A77EAE606AD02E4DDB4282CCBC60061EAC5B2D90BBA
                                                                    SHA-512:6B65C0A1956CE18DF2D271205F53274D2905C803D059A0801BF8331CCAA28A1D4842D3585DD9C2B01502A4BE6664BDE2E965B15FCFEC981E85EED37C595CD6BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:AB893875D697A3145AF5EED5309BEE26
                                                                    SHA1:C90116149196CBF74FFB453ECB3B12945372EBFA
                                                                    SHA-256:02B1C2234680617802901A77EAE606AD02E4DDB4282CCBC60061EAC5B2D90BBA
                                                                    SHA-512:6B65C0A1956CE18DF2D271205F53274D2905C803D059A0801BF8331CCAA28A1D4842D3585DD9C2B01502A4BE6664BDE2E965B15FCFEC981E85EED37C595CD6BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:AB893875D697A3145AF5EED5309BEE26
                                                                    SHA1:C90116149196CBF74FFB453ECB3B12945372EBFA
                                                                    SHA-256:02B1C2234680617802901A77EAE606AD02E4DDB4282CCBC60061EAC5B2D90BBA
                                                                    SHA-512:6B65C0A1956CE18DF2D271205F53274D2905C803D059A0801BF8331CCAA28A1D4842D3585DD9C2B01502A4BE6664BDE2E965B15FCFEC981E85EED37C595CD6BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):98304
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:0A9156C4E3C48EF827980639C4D1E263
                                                                    SHA1:9F13A523321C66208E90D45F87FA0CD9B370E111
                                                                    SHA-256:3A3ED164E42500A1C5B2D0093F0A813D27DC50D038F330CC100A7E70ECE2E6E4
                                                                    SHA-512:8A46C1B44C0EA338AFF0D2E2D07C34430B67B68B6D27E1ADB8CF216B0F0994172CED106A90283F2F0469B5CAA40ACEDF101D45729B823E5179EA55AC507E04AD
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):32768
                                                                    Entropy (8bit):0.017262956703125623
                                                                    Encrypted:false
                                                                    SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                    MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                    SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                    SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                    SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):28672
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:CF845A781C107EC1346E849C9DD1B7E8
                                                                    SHA1:B44CCC7F7D519352422E59EE8B0BDBAC881768A7
                                                                    SHA-256:18619B678A5C207A971A0AA931604F48162E307C57ECDEC450D5F095FE9F32C7
                                                                    SHA-512:4802861EA06DC7FB85229A3C8F04E707A084F1BA516510C6F269821B33C8EE4EBF495258FE5BEE4850668A5AAC1A45F0EDF51580DA13B7EE160A29D067C67612
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):28672
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:CF845A781C107EC1346E849C9DD1B7E8
                                                                    SHA1:B44CCC7F7D519352422E59EE8B0BDBAC881768A7
                                                                    SHA-256:18619B678A5C207A971A0AA931604F48162E307C57ECDEC450D5F095FE9F32C7
                                                                    SHA-512:4802861EA06DC7FB85229A3C8F04E707A084F1BA516510C6F269821B33C8EE4EBF495258FE5BEE4850668A5AAC1A45F0EDF51580DA13B7EE160A29D067C67612
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):106496
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):98304
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:0A9156C4E3C48EF827980639C4D1E263
                                                                    SHA1:9F13A523321C66208E90D45F87FA0CD9B370E111
                                                                    SHA-256:3A3ED164E42500A1C5B2D0093F0A813D27DC50D038F330CC100A7E70ECE2E6E4
                                                                    SHA-512:8A46C1B44C0EA338AFF0D2E2D07C34430B67B68B6D27E1ADB8CF216B0F0994172CED106A90283F2F0469B5CAA40ACEDF101D45729B823E5179EA55AC507E04AD
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):32768
                                                                    Entropy (8bit):0.017262956703125623
                                                                    Encrypted:false
                                                                    SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                    MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                    SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                    SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                    SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:76B973F7B910A22256212C63ADB7A103
                                                                    SHA1:2EAB7B3CF42E12BA5F1FF6AB512E4A105740F631
                                                                    SHA-256:96C94D0826105FE47C587FD79E8869CE5EDBFBACDDDAB9F4F30C5FECBA2CA6A3
                                                                    SHA-512:4C11351FE96BA26070E1B22230AA940BAFD2AA646960ED7A512F7398DAFE6FA2C029FE941F7EBF2C27C9D64957DC05DF66F5DB4365A9A8C6556216314FC12E95
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):28672
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:CF845A781C107EC1346E849C9DD1B7E8
                                                                    SHA1:B44CCC7F7D519352422E59EE8B0BDBAC881768A7
                                                                    SHA-256:18619B678A5C207A971A0AA931604F48162E307C57ECDEC450D5F095FE9F32C7
                                                                    SHA-512:4802861EA06DC7FB85229A3C8F04E707A084F1BA516510C6F269821B33C8EE4EBF495258FE5BEE4850668A5AAC1A45F0EDF51580DA13B7EE160A29D067C67612
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):40960
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:AB893875D697A3145AF5EED5309BEE26
                                                                    SHA1:C90116149196CBF74FFB453ECB3B12945372EBFA
                                                                    SHA-256:02B1C2234680617802901A77EAE606AD02E4DDB4282CCBC60061EAC5B2D90BBA
                                                                    SHA-512:6B65C0A1956CE18DF2D271205F53274D2905C803D059A0801BF8331CCAA28A1D4842D3585DD9C2B01502A4BE6664BDE2E965B15FCFEC981E85EED37C595CD6BC
                                                                    Malicious:false
                                                                    Process:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):28672
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3::
                                                                    MD5:CF845A781C107EC1346E849C9DD1B7E8
                                                                    SHA1:B44CCC7F7D519352422E59EE8B0BDBAC881768A7
                                                                    SHA-256:18619B678A5C207A971A0AA931604F48162E307C57ECDEC450D5F095FE9F32C7
                                                                    SHA-512:4802861EA06DC7FB85229A3C8F04E707A084F1BA516510C6F269821B33C8EE4EBF495258FE5BEE4850668A5AAC1A45F0EDF51580DA13B7EE160A29D067C67612
                                                                    Malicious:false
                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                    File Type:ASCII text, with no line terminators
                                                                    Category:dropped
                                                                    Size (bytes):60
                                                                    Entropy (8bit):4.038920595031593
                                                                    Encrypted:false
                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                    Malicious:false
                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                    File Type:ASCII text, with no line terminators
                                                                    Category:dropped
                                                                    Size (bytes):60
                                                                    Entropy (8bit):4.038920595031593
                                                                    Encrypted:false
                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                    Malicious:false
                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                    File Type:ASCII text, with no line terminators
                                                                    Category:dropped
                                                                    Size (bytes):60
                                                                    Entropy (8bit):4.038920595031593
                                                                    Encrypted:false
                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                    Malicious:false
                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                    File Type:ASCII text, with no line terminators
                                                                    Category:dropped
                                                                    Size (bytes):60
                                                                    Entropy (8bit):4.038920595031593
                                                                    Encrypted:false
                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                    Malicious:false
                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                    Entropy (8bit):7.8419329966357765
                                                                    TrID:
                                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                    File name:UFh7A8CImG.exe
                                                                    File size:13'858'920 bytes
                                                                    MD5:33285b33f1d7997939c34a2deb30beac
                                                                    SHA1:0a2dc41c5e470fee6a1247111b3fd0fac66ced4d
                                                                    SHA256:807cf9e5e22a71ca4bf1e31e955c1e2dfc80f1d38decf8b52857c29aadf04b90
                                                                    SHA512:62f30d1eac1e2c08a9cf21df584feb7e0ea46903f6f5fb27c94460f4863193ff90fb695ddb3a1872ec48cd040295369302f8eac06e7c7039e6382f3575e8f67a
                                                                    SSDEEP:196608:mwQZBqm3QvAaLnTOqmEAnUdQr5BUMpDUIWYlSfA3NJ4FiyveVqAmuISyRAh+:mjZPuGquaQzpAIvMA3Ng2fm7Sph+
                                                                    TLSH:3AD61282FB8781F1D983027521BA6BBF4D3E59104724C9D3DBE01DBA98226D1673F399
                                                                    Icon Hash:8ab34d96b2b291b3
                                                                    Entrypoint:0x67bf59
                                                                    Entrypoint Section:.text
                                                                    Digitally signed:true
                                                                    Imagebase:0x400000
                                                                    Subsystem:windows gui
                                                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                    Time Stamp:0x66C89F67 [Fri Aug 23 14:40:39 2024 UTC]
                                                                    TLS Callbacks:
                                                                    CLR (.Net) Version:
                                                                    OS Version Major:6
                                                                    OS Version Minor:0
                                                                    File Version Major:6
                                                                    File Version Minor:0
                                                                    Subsystem Version Major:6
                                                                    Subsystem Version Minor:0
                                                                    Import Hash:9a90578b9405590fea289e7bfd4992ce
                                                                    Signature Valid:
                                                                    Signature Issuer:
                                                                    Signature Validation Error:
                                                                    Error Number:
                                                                    Not Before, Not After
                                                                      Subject Chain
                                                                        Version:
                                                                        Thumbprint MD5:
                                                                        Thumbprint SHA-1:
                                                                        Thumbprint SHA-256:
                                                                        Serial:
                                                                        Instruction
                                                                        call 00007FF5D4DB3DA6h
                                                                        jmp 00007FF5D4DB2CAFh
                                                                        int3
                                                                        int3
                                                                        int3
                                                                        int3
                                                                        int3
                                                                        int3
                                                                        int3
                                                                        int3
                                                                        int3
                                                                        int3
                                                                        int3
                                                                        int3
                                                                        int3
                                                                        cmp cl, 00000040h
                                                                        jnc 00007FF5D4DB2E47h
                                                                        cmp cl, 00000020h
                                                                        jnc 00007FF5D4DB2E38h
                                                                        shld edx, eax, cl
                                                                        shl eax, cl
                                                                        ret
                                                                        mov edx, eax
                                                                        xor eax, eax
                                                                        and cl, 0000001Fh
                                                                        shl edx, cl
                                                                        ret
                                                                        xor eax, eax
                                                                        xor edx, edx
                                                                        ret
                                                                        int3
                                                                        cmp cl, 00000040h
                                                                        jnc 00007FF5D4DB2E47h
                                                                        cmp cl, 00000020h
                                                                        jnc 00007FF5D4DB2E38h
                                                                        shrd eax, edx, cl
                                                                        shr edx, cl
                                                                        ret
                                                                        mov eax, edx
                                                                        xor edx, edx
                                                                        and cl, 0000001Fh
                                                                        shr eax, cl
                                                                        ret
                                                                        xor eax, eax
                                                                        xor edx, edx
                                                                        ret
                                                                        push ebp
                                                                        mov ebp, esp
                                                                        and dword ptr [0075DF6Ch], 00000000h
                                                                        sub esp, 28h
                                                                        or dword ptr [0075A218h], 01h
                                                                        push 0000000Ah
                                                                        call dword ptr [006AD298h]
                                                                        test eax, eax
                                                                        je 00007FF5D4DB313Bh
                                                                        push ebx
                                                                        push esi
                                                                        push edi
                                                                        xor eax, eax
                                                                        lea edi, dword ptr [ebp-28h]
                                                                        xor ecx, ecx
                                                                        push ebx
                                                                        cpuid
                                                                        mov esi, ebx
                                                                        pop ebx
                                                                        nop
                                                                        mov dword ptr [edi], eax
                                                                        mov dword ptr [edi+04h], esi
                                                                        mov dword ptr [edi+08h], ecx
                                                                        xor ecx, ecx
                                                                        mov dword ptr [edi+0Ch], edx
                                                                        mov eax, dword ptr [ebp-28h]
                                                                        mov edi, dword ptr [ebp-24h]
                                                                        mov dword ptr [ebp-04h], eax
                                                                        xor edi, 756E6547h
                                                                        mov eax, dword ptr [ebp-1Ch]
                                                                        xor eax, 49656E69h
                                                                        mov dword ptr [ebp-18h], eax
                                                                        mov eax, dword ptr [ebp-20h]
                                                                        xor eax, 6C65746Eh
                                                                        mov dword ptr [ebp-14h], eax
                                                                        xor eax, eax
                                                                        inc eax
                                                                        push ebx
                                                                        cpuid
                                                                        mov esi, ebx
                                                                        pop ebx
                                                                        nop
                                                                        Name | Virtual Address | Virtual Size | Is in Section
                                                                        IMAGE_DIRECTORY_ENTRY_EXPORT | 0x355280 | 0x8d4 | .rdata
                                                                        IMAGE_DIRECTORY_ENTRY_IMPORT | 0x355b54 | 0xa0 | .rdata
                                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x360000 | 0x9bf2c2 | .rsrc
                                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                                        IMAGE_DIRECTORY_ENTRY_SECURITY | 0xd35400 | 0x2868 | .reloc
                                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xd20000 | 0x1bc04 | .reloc
                                                                        IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                                        IMAGE_DIRECTORY_ENTRY_TLS | 0x350ac0 | 0x18 | .rdata
                                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x3509a0 | 0x40 | .rdata
                                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                                        IMAGE_DIRECTORY_ENTRY_IAT | 0x2ad000 | 0x39c | .rdata
                                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                                                        IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                                        Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                                        .text | 0x1000 | 0x2ab385 | 0x2ab400 | c38a7839491d451c424ff9d9bb7b0a88 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                        .rdata | 0x2ad000 | 0xa9f06 | 0xaa000 | dde21f22aed1638fd27d6f79d7c50ec1 | False | 0.4363439223345588 | data | 5.873851934453275 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                        .data | 0x357000 | 0x8248 | 0x4600 | 0284252406cf4a9efd7fd159c8fb53d0 | False | 0.47879464285714285 | data | 5.4275815266420695 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                        .rsrc | 0x360000 | 0x9bf2c2 | 0x9bf400 | 2e999294b0192854ec9a9da57f0a8af8 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                        .reloc | 0xd20000 | 0x1bc04 | 0x1be00 | d45c94e74783d468abea430495709282 | False | 0.5969468189461884 | data | 6.631086920747496 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x3604b8 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 |  |  | 0.3225806451612903
RT_ICON | 0x3607a0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 |  |  | 0.47635135135135137
RT_ICON | 0x3608c8 | 0x1628 | Device independent bitmap graphic, 64 x 128 x 8, image size 4608 |  |  | 0.29231311706629054
RT_ICON | 0x361ef0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2688 |  |  | 0.3763326226012793
RT_ICON | 0x362d98 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 |  |  | 0.49684115523465705
RT_ICON | 0x363640 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 |  |  | 0.5166184971098265
RT_ICON | 0x363ba8 | 0x75ec | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced |  |  | 0.9985755929508414
RT_ICON | 0x36b194 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 |  |  | 0.15813537944082404
RT_ICON | 0x37463c | 0x67e8 | Device independent bitmap graphic, 80 x 160 x 32, image size 26560 |  |  | 0.1744736842105263
RT_ICON | 0x37ae24 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 |  |  | 0.18345656192236598
RT_ICON | 0x3802ac | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 |  |  | 0.19555975436939066
RT_ICON | 0x3844d4 | 0x3a48 | Device independent bitmap graphic, 60 x 120 x 32, image size 14880 |  |  | 0.20951742627345846
RT_ICON | 0x387f1c | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 |  |  | 0.23195020746887968
RT_ICON | 0x38a4c4 | 0x1a68 | Device independent bitmap graphic, 40 x 80 x 32, image size 6720 |  |  | 0.25576923076923075
RT_ICON | 0x38bf2c | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 |  |  | 0.29620075046904315
RT_ICON | 0x38cfd4 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 |  |  | 0.3528688524590164
RT_ICON | 0x38d95c | 0x6b8 | Device independent bitmap graphic, 20 x 40 x 32, image size 1680 |  |  | 0.34767441860465115
RT_ICON | 0x38e014 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 |  |  | 0.17819148936170212
RT_RCDATA | 0x38e47c | 0x990669 | data |  |  | 1.0003108978271484
RT_GROUP_ICON | 0xd1eae8 | 0x102 | data |  |  | 0.6395348837209303
RT_VERSION | 0xd1ebec | 0x556 | data |  |  | 0.3557833089311859
RT_MANIFEST | 0xd1f144 | 0x17e | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators |  |  | 0.612565445026178

DLL | Import
KERNEL32.dll | GetTempPathW, EnumResourceNamesW, GetEnvironmentVariableW, EnumResourceTypesW, lstrlenW, FindFirstFileW, SizeofResource, WriteConsoleW, GetProcessHeap, SetEnvironmentVariableW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetCommandLineA, FindClose, HeapSize, GetTimeZoneInformation, SetEndOfFile, HeapReAlloc, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, GetLocaleInfoW, LCMapStringW, CompareStringW, GetTimeFormatW, GetDateFormatW, HeapFree, GetLastError, LockResource, GlobalAlloc, LoadResource, FindResourceW, WideCharToMultiByte, lstrcpyW, GetTempFileNameW, GetFileAttributesW, CreateFile2, CloseHandle, MultiByteToWideChar, IsValidCodePage, GetACP, GetOEMCP, CreateFileA, CreateFileW, GetFileAttributesA, GetFileInformationByHandle, GetFileType, GetFullPathNameW, ReadFile, WriteFile, PeekNamedPipe, GetExitCodeProcess, Sleep, GetStdHandle, SearchPathA, DuplicateHandle, SetHandleInformation, CreatePipe, GetCurrentProcess, CreateProcessA, OpenProcess, GetProcAddress, LoadLibraryA, WaitForSingleObject, SetWaitableTimer, CreateWaitableTimerA, ReleaseMutex, CreateMutexA, CreateThread, GetModuleHandleW, SetLastError, InitializeSRWLock, ReleaseSRWLockExclusive, ReleaseSRWLockShared, AcquireSRWLockExclusive, AcquireSRWLockShared, GetCurrentThreadId, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetModuleHandleExW, GetCurrentProcessId, GetSystemTimeAsFileTime, VirtualFree, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, TryEnterCriticalSection, DeleteCriticalSection, ReleaseSemaphore, GetExitCodeThread, CreateSemaphoreA, GetSystemDirectoryA, FreeLibrary, FormatMessageA, LoadLibraryW, GetSystemTime, SystemTimeToFileTime, FindNextFileW, GetConsoleMode, SetConsoleMode, ReadConsoleA, ReadConsoleW, SleepConditionVariableCS, WakeAllConditionVariable, InitializeConditionVariable, SleepEx, CreateWaitableTimerW, WaitForMultipleObjects, CancelWaitableTimer, CreateEventW, SetEvent, ResetEvent, VerifyVersionInfoA, GetQueuedCompletionStatus, PostQueuedCompletionStatus, GetVersionExA, QueryPerformanceFrequency, CancelIoEx, GetOverlappedResult, VerSetConditionMask, QueryPerformanceCounter, CreateIoCompletionPort, IsWow64Process, DeviceIoControl, LocalFree, GetLocaleInfoEx, GetStringTypeW, GetCurrentDirectoryW, FindFirstFileExW, GetFileAttributesExW, AreFileApisANSI, GetFileInformationByHandleEx, InitializeCriticalSectionEx, EncodePointer, DecodePointer, LCMapStringEx, GetCPInfo, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, RtlUnwind, RaiseException, InitializeCriticalSectionAndSpinCount, LoadLibraryExW, ExitProcess, SetStdHandle, SetFilePointerEx, GetConsoleOutputCP, SetConsoleCtrlHandler, ExitThread, FreeLibraryAndExitThread, GetDriveTypeW, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, GetModuleFileNameW, GetFileSizeEx, HeapAlloc, FlushFileBuffers, CreateDirectoryW
USER32.dll | GetProcessWindowStation, MessageBoxW, GetUserObjectInformationW, MessageBoxA
SHELL32.dll | ShellExecuteW
SHLWAPI.dll | PathFileExistsW
WS2_32.dll | send, recv, WSASetLastError, getservbyname, getservbyport, gethostbyaddr, inet_ntoa, inet_addr, htons, closesocket, recvfrom, connect, WSACleanup, WSAStartup, gethostbyname, select, ntohs, getsockopt, getsockname, ioctlsocket, ntohl, htonl, setsockopt, socket, shutdown, getpeername, sendto, WSAGetLastError
CRYPT32.dll | CertGetCertificateContextProperty, CertFreeCertificateContext, CertDuplicateCertificateContext, CertFindCertificateInStore, CertEnumCertificatesInStore, CertCloseStore, CertOpenStore, CertOpenSystemStoreW
ADVAPI32.dll | CryptReleaseContext, CryptSignHashW, CryptGenRandom, DeregisterEventSource, RegisterEventSourceW, ReportEventW, CryptAcquireContextW, CryptDestroyKey, CryptSetHashParam, CryptGetProvParam, CryptGetUserKey, CryptExportKey, CryptDecrypt, CryptCreateHash, CryptDestroyHash, CryptEnumProvidersW

Name | Ordinal | Address
caerBiasCoarseFine1024FromCurrent | 1 | 0x4acf80
caerBiasCoarseFine1024Generate | 2 | 0x4ad0e0
caerBiasCoarseFine1024Parse | 3 | 0x4ad0e0
caerBiasCoarseFine1024ToCurrent | 4 | 0x4ad100
caerBiasCoarseFineFromCurrent | 5 | 0x4be6c0
caerBiasCoarseFineGenerate | 6 | 0x4be790
caerBiasCoarseFineParse | 7 | 0x4be810
caerBiasCoarseFineToCurrent | 8 | 0x4be860
caerBiasDynapseGenerate | 9 | 0x4b6c50
caerBiasDynapseParse | 10 | 0x4b6d30
caerBiasShiftedSourceGenerate | 11 | 0x4be8d0
caerBiasShiftedSourceParse | 12 | 0x4be920
caerBiasVDACGenerate | 13 | 0x4be980
caerBiasVDACParse | 14 | 0x4be9a0
caerDVS128InfoGet | 15 | 0x4c4420
caerDVS132SInfoGet | 16 | 0x4ad170
caerDVXplorerInfoGet | 17 | 0x4b0fb0
caerDavisInfoGet | 18 | 0x4be9c0
caerDavisROIConfigure | 19 | 0x4bea90
caerDeviceClose | 20 | 0x4ac920
caerDeviceConfigGet | 21 | 0x4ac960
caerDeviceConfigGet64 | 22 | 0x4ac9a0
caerDeviceConfigSet | 23 | 0x4acaa0
caerDeviceDataGet | 24 | 0x4acad0
caerDeviceDataStart | 25 | 0x4acb00
caerDeviceDataStop | 26 | 0x4acb30
caerDeviceOpen | 27 | 0x4acb60
caerDeviceOpenSerial | 28 | 0x4acba0
caerDeviceSendDefaultConfig | 29 | 0x4acbd0
caerDynapseCoreAddrToNeuronId | 30 | 0x4b6de0
caerDynapseCoreXYToNeuronId | 31 | 0x4b6e10
caerDynapseGenerateCamBits | 32 | 0x4b6e40
caerDynapseGenerateSramBits | 33 | 0x4b6e90
caerDynapseInfoGet | 34 | 0x4b6f00
caerDynapseSendDataToUSB | 35 | 0x4b6f70
caerDynapseSpikeEventFromXY | 36 | 0x4b7040
caerDynapseSpikeEventGetX | 37 | 0x4b7100
caerDynapseSpikeEventGetY | 38 | 0x4b7130
caerDynapseWriteCam | 39 | 0x4b7170
caerDynapseWritePoissonSpikeRate | 40 | 0x4b71f0
caerDynapseWriteSram | 41 | 0x4b7250
caerDynapseWriteSramN | 42 | 0x4b72d0
caerDynapseWriteSramWords | 43 | 0x4b7320
caerEDVSInfoGet | 44 | 0x4acc00
caerFilterDVSNoiseApply | 45 | 0x4c6ee0
caerFilterDVSNoiseConfigGet | 46 | 0x4c7370
caerFilterDVSNoiseConfigSet | 47 | 0x4c75b0
caerFilterDVSNoiseDestroy | 48 | 0x4c77e0
caerFilterDVSNoiseGetHotPixels | 49 | 0x4c7810
caerFilterDVSNoiseInitialize | 50 | 0x4c7860
caerFilterDVSNoiseStatsApply | 51 | 0x4c78d0
caerFrameUtilsContrast | 52 | 0x4c8460
caerFrameUtilsDemosaic | 53 | 0x4c8690
caerLog | 54 | 0x4acc30
caerLogCallbackGet | 55 | 0x4acc60
caerLogCallbackSet | 56 | 0x4acc70
caerLogDisable | 57 | 0x4acc80
caerLogDisabled | 58 | 0x4acca0
caerLogFileDescriptorsGetFirst | 59 | 0x4accc0
caerLogFileDescriptorsGetSecond | 60 | 0x4accd0
caerLogFileDescriptorsSet | 61 | 0x4acce0
caerLogLevelGet | 62 | 0x4acd00
caerLogLevelSet | 63 | 0x4acd10
caerLogVA | 64 | 0x4acd20
caerLogVAFull | 65 | 0x4acd50
caerSamsungEVKInfoGet | 66 | 0x4ba8c0

Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                                                        2024-12-11T16:22:15.385976+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.450210193.188.22.40443TCP
                                                                        2024-12-11T16:22:17.850074+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.45021577.221.149.84443TCP
                                                                        2024-12-11T16:22:17.903702+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.45021689.116.191.177443TCP
                                                                        2024-12-11T16:22:17.961144+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.450217213.210.13.4443TCP
                                                                        2024-12-11T16:22:18.005001+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.450218193.188.22.40443TCP
                                                                        2024-12-11T16:22:23.459424+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.45022377.221.149.84443TCP
                                                                        2024-12-11T16:22:23.543431+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.45022489.116.191.177443TCP
                                                                        2024-12-11T16:22:23.624194+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.450225213.210.13.4443TCP
                                                                        2024-12-11T16:22:23.715503+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.450226193.188.22.40443TCP
                                                                        2024-12-11T16:22:26.145291+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.45023177.221.149.84443TCP
                                                                        2024-12-11T16:22:26.194549+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.45023289.116.191.177443TCP
                                                                        2024-12-11T16:22:26.246297+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.450233213.210.13.4443TCP
                                                                        2024-12-11T16:22:26.303831+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.450234193.188.22.40443TCP
                                                                        2024-12-11T16:22:29.750959+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.45023977.221.149.84443TCP
                                                                        2024-12-11T16:22:29.848780+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.45024089.116.191.177443TCP
                                                                        2024-12-11T16:22:29.908651+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.450241213.210.13.4443TCP
                                                                        2024-12-11T16:22:29.984237+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.450242193.188.22.40443TCP
                                                                        2024-12-11T16:22:34.397345+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.45024777.221.149.84443TCP
                                                                        2024-12-11T16:22:34.441002+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.45024889.116.191.177443TCP
                                                                        2024-12-11T16:22:34.482487+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.450249213.210.13.4443TCP
                                                                        2024-12-11T16:22:34.527081+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.450250193.188.22.40443TCP
                                                                        2024-12-11T16:22:36.837521+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.45025577.221.149.84443TCP
                                                                        2024-12-11T16:22:37.927518+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.45025689.116.191.177443TCP
                                                                        2024-12-11T16:22:38.007137+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.450257213.210.13.4443TCP
                                                                        2024-12-11T16:22:38.096671+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.450258193.188.22.40443TCP
                                                                        2024-12-11T16:22:40.409773+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.45026377.221.149.84443TCP
                                                                        2024-12-11T16:22:40.477896+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.45026489.116.191.177443TCP
                                                                        2024-12-11T16:22:40.547381+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.450265213.210.13.4443TCP
                                                                        2024-12-11T16:22:40.613426+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.450266193.188.22.40443TCP
                                                                        2024-12-11T16:22:45.002700+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.45027177.221.149.84443TCP
                                                                        2024-12-11T16:22:45.053376+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.45027289.116.191.177443TCP
                                                                        2024-12-11T16:22:45.106240+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.450273213.210.13.4443TCP
                                                                        2024-12-11T16:22:45.157359+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.450274193.188.22.40443TCP
                                                                        2024-12-11T16:22:47.474983+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.45027977.221.149.84443TCP
                                                                        2024-12-11T16:22:47.517256+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.45028089.116.191.177443TCP
                                                                        2024-12-11T16:22:47.586636+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.450281213.210.13.4443TCP
                                                                        2024-12-11T16:22:47.653835+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.450282193.188.22.40443TCP
                                                                        2024-12-11T16:22:50.212535+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.45028777.221.149.84443TCP
                                                                        2024-12-11T16:22:50.277971+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.45028889.116.191.177443TCP
                                                                        2024-12-11T16:22:51.341018+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.450289213.210.13.4443TCP
                                                                        2024-12-11T16:22:51.380732+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.450290193.188.22.40443TCP
                                                                        2024-12-11T16:22:55.781933+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.45029577.221.149.84443TCP
                                                                        2024-12-11T16:22:55.837136+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.45029689.116.191.177443TCP
                                                                        2024-12-11T16:22:55.892627+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.450297213.210.13.4443TCP
                                                                        2024-12-11T16:22:55.960918+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.450298193.188.22.40443TCP
                                                                        2024-12-11T16:22:58.289764+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.45030377.221.149.84443TCP
                                                                        2024-12-11T16:22:58.340916+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.45030489.116.191.177443TCP
                                                                        2024-12-11T16:22:59.466307+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.450305213.210.13.4443TCP
                                                                        2024-12-11T16:22:59.535549+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.450306193.188.22.40443TCP
                                                                        2024-12-11T16:23:02.103360+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.45031177.221.149.84443TCP
                                                                        2024-12-11T16:23:02.168133+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.45031289.116.191.177443TCP
                                                                        2024-12-11T16:23:02.253944+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.450313213.210.13.4443TCP
                                                                        2024-12-11T16:23:02.326257+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.450314193.188.22.40443TCP
                                                                        2024-12-11T16:23:07.669492+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.45031977.221.149.84443TCP
                                                                        2024-12-11T16:23:07.766860+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.45032089.116.191.177443TCP
                                                                        2024-12-11T16:23:07.883044+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.450321213.210.13.4443TCP
                                                                        2024-12-11T16:23:07.964061+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.450322193.188.22.40443TCP
                                                                        2024-12-11T16:23:10.647387+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.45032777.221.149.84443TCP
                                                                        2024-12-11T16:23:10.713144+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.45032889.116.191.177443TCP
                                                                        2024-12-11T16:23:10.771334+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.450329213.210.13.4443TCP
                                                                        2024-12-11T16:23:10.817376+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.450330193.188.22.40443TCP
                                                                        2024-12-11T16:23:14.109564+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.45033577.221.149.84443TCP
                                                                        2024-12-11T16:23:14.171886+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.45033689.116.191.177443TCP
                                                                        2024-12-11T16:23:14.213737+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.450337213.210.13.4443TCP
                                                                        2024-12-11T16:23:14.265123+01002034465ET MALWARE Danabot Key Exchange Request1192.168.2.450338193.188.22.40443TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                        Dec 11, 2024 16:20:48.594233990 CET44349856213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:20:48.594279051 CET49856443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:20:48.594285011 CET44349856213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:20:48.594408989 CET44349856213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:20:48.649576902 CET49857443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:20:48.649632931 CET44349857193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:20:48.649698019 CET49857443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:20:48.709029913 CET49857443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:20:48.709062099 CET44349857193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:20:48.709105015 CET44349857193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:20:48.709111929 CET49857443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:20:48.709126949 CET44349857193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:20:48.722147942 CET49859443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:20:48.722192049 CET4434985977.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:20:48.722249031 CET49859443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:20:48.811294079 CET49859443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:20:48.811337948 CET4434985977.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:20:48.811394930 CET49859443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:20:48.811402082 CET4434985977.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:20:48.811470032 CET4434985977.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:20:48.834377050 CET49862443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:20:48.834391117 CET4434986289.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:20:48.835406065 CET49862443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:20:48.902682066 CET49862443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:20:48.902755022 CET4434986289.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:20:48.902838945 CET49862443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:20:48.902853966 CET4434986289.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:20:48.902920961 CET4434986289.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:20:48.915867090 CET49864443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:20:48.915923119 CET44349864213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:20:48.916229010 CET49864443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:20:48.969870090 CET49864443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:20:48.969898939 CET44349864213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:20:48.969960928 CET44349864213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:20:48.971338987 CET49864443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:20:48.971365929 CET44349864213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:20:48.973876953 CET49866443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:20:48.973920107 CET44349866193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:20:48.973984003 CET49866443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:20:49.031702042 CET49866443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:20:49.031728983 CET44349866193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:20:49.031785965 CET49866443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:20:49.031795979 CET44349866193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:20:49.031805038 CET44349866193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:20:53.097583055 CET49873443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:20:53.097641945 CET4434987377.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:20:53.097783089 CET49873443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:20:53.156461000 CET49873443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:20:53.156481981 CET4434987377.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:20:53.156537056 CET4434987377.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:20:53.156583071 CET49873443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:20:53.156604052 CET4434987377.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:20:53.161987066 CET49875443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:20:53.162029028 CET4434987589.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:20:53.162144899 CET49875443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:20:53.212795973 CET49875443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:20:53.212821007 CET4434987589.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:20:53.212869883 CET49875443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:20:53.212889910 CET4434987589.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:20:53.217583895 CET49877443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:20:53.217617989 CET44349877213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:20:53.217679977 CET49877443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:20:53.276788950 CET49877443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:20:53.276808023 CET44349877213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:20:53.276957989 CET44349877213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:20:53.277240038 CET49877443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:20:53.277256012 CET44349877213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:20:53.279756069 CET49878443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:20:53.279813051 CET44349878193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:20:53.279922009 CET49878443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:20:53.328387022 CET49878443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:20:53.328387022 CET49878443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:20:53.328430891 CET44349878193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:20:53.328452110 CET44349878193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:20:53.328613043 CET44349878193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:20:55.363908052 CET49882443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:20:55.363964081 CET4434988277.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:20:55.364126921 CET49882443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:20:55.417284966 CET49882443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:20:55.417303085 CET4434988277.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:20:55.417357922 CET4434988277.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:20:55.420824051 CET49883443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:20:55.420890093 CET4434988389.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:20:55.421471119 CET49883443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:20:55.472356081 CET49883443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:20:55.472388029 CET4434988389.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:20:55.472449064 CET4434988389.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:20:55.472480059 CET49883443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:20:55.472498894 CET4434988389.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:20:55.475830078 CET49884443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:20:55.475878954 CET44349884213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:20:55.475950003 CET49884443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:20:55.517739058 CET49884443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:20:55.517764091 CET44349884213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:20:55.517796040 CET44349884213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:20:55.525470018 CET49885443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:20:55.525516033 CET44349885193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:20:55.525662899 CET49885443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:20:55.573573112 CET49885443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:20:55.573594093 CET44349885193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:20:55.573653936 CET44349885193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:20:55.576694012 CET49888443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:20:55.576723099 CET4434988877.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:20:55.576909065 CET49888443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:20:55.636746883 CET49888443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:20:55.636774063 CET4434988877.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:20:55.636837959 CET4434988877.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:20:55.636878967 CET49888443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:20:55.636893988 CET4434988877.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:20:55.660105944 CET49890443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:20:55.660150051 CET4434989089.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:20:55.660229921 CET49890443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:20:55.713042974 CET49890443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:20:55.713066101 CET4434989089.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:20:55.713114023 CET4434989089.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:20:55.713262081 CET49890443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:20:55.713280916 CET4434989089.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:20:55.720896006 CET49891443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:20:55.720931053 CET44349891213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:20:55.721972942 CET49891443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:20:55.786140919 CET49891443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:20:55.786156893 CET44349891213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:20:55.786561012 CET44349891213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:20:55.786725044 CET49891443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:20:55.786741018 CET44349891213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:20:55.795039892 CET49893443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:20:55.795078039 CET44349893193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:20:55.795186996 CET49893443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:20:55.840321064 CET49893443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:20:55.840356112 CET44349893193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:20:55.840404987 CET44349893193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:20:57.865833998 CET49898443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:20:57.865870953 CET4434989877.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:20:57.866122961 CET49898443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:20:57.928232908 CET49898443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:20:57.928311110 CET4434989877.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:20:57.928369045 CET4434989877.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:20:57.928416967 CET49898443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:20:57.928451061 CET4434989877.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:20:57.932188034 CET49900443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:20:57.932245016 CET4434990089.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:20:57.932410002 CET49900443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:20:57.981515884 CET49900443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:20:57.981571913 CET4434990089.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:20:57.981621981 CET4434990089.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:20:57.992238998 CET49901443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:20:57.992294073 CET44349901213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:20:57.992734909 CET49901443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:20:58.043112040 CET49901443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:20:58.043139935 CET44349901213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:20:58.043193102 CET44349901213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:20:58.046505928 CET49902443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:20:58.046539068 CET44349902193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:20:58.047009945 CET49902443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:20:58.108099937 CET49902443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:20:58.108125925 CET44349902193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:20:58.108174086 CET44349902193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:20:58.108198881 CET49902443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:20:58.108215094 CET44349902193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:00.150111914 CET49908443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:21:00.150163889 CET4434990877.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:21:00.150226116 CET49908443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:21:00.234869957 CET49908443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:21:00.234911919 CET4434990877.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:21:00.234966993 CET4434990877.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:21:00.234999895 CET49908443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:21:00.235019922 CET4434990877.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:21:00.253559113 CET49909443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:21:00.253602028 CET4434990989.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:21:00.253667116 CET49909443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:21:00.307063103 CET49909443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:21:00.307101011 CET4434990989.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:21:00.307159901 CET49909443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:21:00.307162046 CET4434990989.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:21:00.307176113 CET4434990989.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:21:00.312844038 CET49910443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:00.312916994 CET44349910213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:00.312993050 CET49910443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:00.371551037 CET49910443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:00.371582985 CET44349910213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:00.371608019 CET49910443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:00.371615887 CET44349910213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:00.371783018 CET44349910213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:00.392458916 CET49911443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:00.392515898 CET44349911193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:00.392700911 CET49911443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:00.450012922 CET49911443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:00.450056076 CET44349911193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:00.450189114 CET49911443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:00.450193882 CET44349911193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:00.450254917 CET44349911193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:00.552778959 CET49912443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:21:00.552834988 CET4434991277.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:21:00.552923918 CET49912443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:21:00.609088898 CET49912443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:21:00.609126091 CET4434991277.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:21:00.609194994 CET4434991277.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:21:00.609245062 CET49912443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:21:00.609262943 CET4434991277.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:21:16.154833078 CET44349981213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:16.160449982 CET49982443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:16.160507917 CET44349982193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:16.160567999 CET49982443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:16.233721972 CET49982443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:16.233757019 CET44349982193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:16.233798981 CET49982443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:16.233805895 CET44349982193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:16.233830929 CET44349982193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:16.247885942 CET49983443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:21:16.247932911 CET4434998377.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:21:16.247994900 CET49983443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:21:16.354784966 CET49983443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:21:16.354830980 CET4434998377.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:21:16.354887962 CET4434998377.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:21:16.354893923 CET49983443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:21:16.354916096 CET4434998377.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:21:16.358175039 CET49984443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:21:16.358216047 CET4434998489.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:21:16.358295918 CET49984443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:21:16.425002098 CET49984443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:21:16.425015926 CET4434998489.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:21:16.425065041 CET49984443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:21:16.425069094 CET4434998489.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:21:16.425096989 CET4434998489.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:21:16.450129986 CET49985443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:16.450170040 CET44349985213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:16.450229883 CET49985443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:16.524852991 CET49985443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:16.524869919 CET44349985213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:16.524909973 CET49985443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:16.524915934 CET44349985213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:16.524944067 CET44349985213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:16.529766083 CET49986443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:16.529812098 CET44349986193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:16.529865980 CET49986443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:16.599221945 CET49986443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:16.599251032 CET44349986193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:16.599301100 CET49986443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:16.599307060 CET44349986193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:16.599348068 CET44349986193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:18.628308058 CET49992443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:21:18.628360033 CET4434999277.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:21:18.628437042 CET49992443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:21:18.701549053 CET49992443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:21:18.701587915 CET4434999277.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:21:18.701659918 CET4434999277.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:21:18.701670885 CET49992443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:21:18.701690912 CET4434999277.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:21:18.709681988 CET49993443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:21:18.709750891 CET4434999389.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:21:18.709813118 CET49993443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:21:18.789051056 CET49993443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:21:18.789103985 CET4434999389.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:21:18.789156914 CET4434999389.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:21:18.792721033 CET49994443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:18.792754889 CET44349994213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:18.792889118 CET49994443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:18.867388010 CET49994443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:18.867419958 CET44349994213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:18.867464066 CET49994443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:18.867470026 CET44349994213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:18.867501020 CET44349994213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:18.870479107 CET49995443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:18.870522976 CET44349995193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:18.870620966 CET49995443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:18.943422079 CET49995443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:18.943442106 CET44349995193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:18.943485022 CET49995443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:18.943501949 CET44349995193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:18.943516016 CET44349995193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:20.971587896 CET50001443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:21:20.971615076 CET4435000177.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:21:20.971671104 CET50001443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:21:21.025837898 CET50001443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:21:21.025871038 CET4435000177.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:21:21.025921106 CET50001443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:21:21.025928020 CET4435000177.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:21:21.025954962 CET4435000177.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:21:21.029213905 CET50002443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:21:21.029275894 CET4435000289.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:21:21.029345989 CET50002443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:21:21.076602936 CET50002443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:21:21.076649904 CET4435000289.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:21:21.076694965 CET50002443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:21:21.076708078 CET4435000289.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:21:21.076719999 CET4435000289.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:21:21.083619118 CET50003443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:21.083659887 CET44350003213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:21.083710909 CET50003443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:21.146188974 CET50003443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:21.146188974 CET50003443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:21.146220922 CET44350003213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:21.146234989 CET44350003213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:21.146287918 CET44350003213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:21.147330046 CET50003443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:21.147330046 CET50003443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:21.147349119 CET44350003213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:21.147356033 CET44350003213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:21.151873112 CET50004443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:21.151926041 CET44350004193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:21.153847933 CET50004443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:21.194027901 CET50004443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:21.194029093 CET50004443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:21.194063902 CET44350004193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:21.194077015 CET44350004193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:21.194123983 CET44350004193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:21.197696924 CET50005443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:21:21.197771072 CET4435000577.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:21:21.201795101 CET50005443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:21:21.279067039 CET50005443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:21:21.279097080 CET4435000577.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:21:21.279146910 CET4435000577.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:21:21.279469967 CET50005443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:21:21.279484987 CET4435000577.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:21:21.284147978 CET50006443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:21:21.284192085 CET4435000689.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:21:21.286178112 CET50006443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:21:21.335371017 CET50006443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:21:21.335402966 CET4435000689.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:21:21.335464001 CET4435000689.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:21:21.338377953 CET50007443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:21.338408947 CET44350007213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:21.338577986 CET50007443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:21.381103039 CET50007443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:21.381119013 CET44350007213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:21.381169081 CET44350007213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:21.381196022 CET50007443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:21.381205082 CET44350007213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:21.384620905 CET50008443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:21.384671926 CET44350008193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:21.385019064 CET50008443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:21.441684961 CET50008443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:21.441720009 CET44350008193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:21.441775084 CET44350008193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:21.441912889 CET50008443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:21.441950083 CET44350008193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:23.473023891 CET50014443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:21:23.473063946 CET4435001477.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:21:23.473131895 CET50014443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:21:23.517788887 CET50014443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:21:23.517817020 CET4435001477.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:21:23.517873049 CET4435001477.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:21:23.521967888 CET50015443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:21:23.522003889 CET4435001589.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:21:23.522284031 CET50015443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:21:23.569785118 CET50015443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:21:23.569797993 CET4435001589.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:21:23.569830894 CET4435001589.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:21:23.569839001 CET50015443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:21:23.569850922 CET4435001589.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:21:23.573725939 CET50016443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:23.573775053 CET44350016213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:23.574155092 CET50016443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:23.624974012 CET50016443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:23.624995947 CET44350016213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:23.625036955 CET44350016213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:23.625117064 CET50016443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:23.625130892 CET44350016213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:23.629724979 CET50017443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:23.629765034 CET44350017193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:23.629986048 CET50017443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:23.670974016 CET50017443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:23.670974016 CET50017443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:23.671014071 CET44350017193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:23.671029091 CET44350017193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:23.671066999 CET44350017193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:23.673701048 CET50017443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:23.673718929 CET44350017193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:25.706825018 CET50023443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:21:25.706933975 CET4435002377.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:21:25.707062006 CET50023443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:21:25.764053106 CET50023443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:21:25.764130116 CET4435002377.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:21:25.764204025 CET4435002377.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:21:25.767808914 CET50024443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:21:25.767862082 CET4435002489.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:21:25.768081903 CET50024443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:21:25.807240009 CET50024443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:21:25.807286024 CET4435002489.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:21:25.807418108 CET4435002489.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:21:25.807451010 CET50024443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:21:25.807480097 CET4435002489.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:21:25.810034037 CET50025443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:25.810075998 CET44350025213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:25.811666965 CET50025443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:25.857669115 CET50025443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:25.857691050 CET44350025213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:25.857716084 CET44350025213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:25.861273050 CET50026443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:25.861330032 CET44350026193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:25.861553907 CET50026443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:26.980132103 CET50026443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:26.980174065 CET44350026193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:26.980211973 CET50026443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:26.980218887 CET44350026193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:26.980345964 CET44350026193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:26.995929956 CET50031443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:21:26.995970964 CET4435003177.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:21:43.833600044 CET4435010089.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:21:43.833615065 CET50100443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:21:43.833637953 CET4435010089.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:21:43.841562033 CET50101443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:43.841608047 CET44350101213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:43.841880083 CET50101443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:43.914251089 CET50101443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:43.914251089 CET50101443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:43.914329052 CET44350101213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:43.914375067 CET44350101213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:43.914408922 CET44350101213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:43.922945976 CET50103443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:43.922983885 CET44350103193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:43.923263073 CET50103443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:45.015916109 CET50103443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:45.015948057 CET44350103193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:45.016010046 CET44350103193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:45.016024113 CET50103443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:45.016040087 CET44350103193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:45.021023989 CET50108443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:21:45.021095037 CET4435010877.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:21:45.021162987 CET50108443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:21:45.091020107 CET50108443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:21:45.091065884 CET4435010877.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:21:45.091133118 CET50108443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:21:45.091130972 CET4435010877.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:21:45.091160059 CET4435010877.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:21:45.095978022 CET50109443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:21:45.096020937 CET4435010989.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:21:45.096074104 CET50109443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:21:45.172326088 CET50109443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:21:45.172343016 CET4435010989.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:21:45.172395945 CET4435010989.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:21:45.172405005 CET50109443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:21:45.172427893 CET4435010989.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:21:45.176655054 CET50110443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:45.176769972 CET44350110213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:45.176857948 CET50110443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:45.223572016 CET50110443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:45.223634005 CET44350110213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:45.223690987 CET44350110213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:45.229592085 CET50111443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:45.229691029 CET44350111193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:45.233787060 CET50111443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:45.315280914 CET50111443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:45.315325022 CET44350111193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:45.315401077 CET50111443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:45.315407991 CET44350111193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:45.315459013 CET44350111193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:47.409478903 CET50117443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:21:47.409535885 CET4435011777.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:21:47.410317898 CET50117443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:21:47.459002972 CET50117443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:21:47.459002972 CET50117443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:21:47.459042072 CET4435011777.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:21:47.459055901 CET4435011777.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:21:47.459115028 CET4435011777.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:21:47.465651989 CET50118443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:21:47.465693951 CET4435011889.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:21:47.475004911 CET50118443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:21:48.537125111 CET50118443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:21:48.537151098 CET4435011889.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:21:48.537204981 CET4435011889.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:21:48.537255049 CET50118443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:21:48.537273884 CET4435011889.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:21:48.544131994 CET50120443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:48.544173002 CET44350120213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:48.544651031 CET50120443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:48.632426023 CET50120443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:48.632458925 CET44350120213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:48.632474899 CET50120443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:48.632483959 CET44350120213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:48.632508993 CET44350120213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:48.638070107 CET50121443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:48.638111115 CET44350121193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:48.638165951 CET50121443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:48.747028112 CET50121443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:48.747056961 CET44350121193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:48.747103930 CET50121443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:48.747109890 CET44350121193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:48.747126102 CET44350121193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:50.768060923 CET50127443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:21:50.768121958 CET4435012777.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:21:50.768198013 CET50127443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:21:50.818783998 CET50127443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:21:50.818846941 CET4435012777.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:21:50.818908930 CET4435012777.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:21:50.818936110 CET50127443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:21:50.818972111 CET4435012777.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:21:50.822160959 CET50128443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:21:50.822189093 CET4435012889.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:21:50.823124886 CET50128443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:21:50.866471052 CET50128443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:21:50.866513968 CET4435012889.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:21:50.866574049 CET4435012889.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:21:50.866625071 CET50128443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:21:50.866647959 CET4435012889.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:21:50.870285988 CET50129443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:50.870340109 CET44350129213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:50.870431900 CET50129443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:50.928435087 CET50129443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:50.928471088 CET44350129213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:50.928539038 CET44350129213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:50.928572893 CET50129443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:50.928591013 CET44350129213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:50.931751013 CET50130443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:50.931804895 CET44350130193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:50.931906939 CET50130443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:50.974113941 CET50130443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:50.974149942 CET44350130193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:50.974211931 CET44350130193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:50.977221966 CET50131443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:21:50.977273941 CET4435013177.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:21:50.977575064 CET50131443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:21:51.046201944 CET50131443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:21:51.046219110 CET4435013177.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:21:51.046288013 CET4435013177.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:21:51.049698114 CET50133443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:21:51.049736977 CET4435013389.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:21:51.049912930 CET50133443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:21:51.093882084 CET50133443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:21:51.093919039 CET4435013389.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:21:51.093934059 CET50133443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:21:51.093940973 CET4435013389.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:21:51.093983889 CET4435013389.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:21:51.097789049 CET50134443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:51.097830057 CET44350134213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:51.097893000 CET50134443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:51.151058912 CET50134443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:51.151093960 CET44350134213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:51.151151896 CET44350134213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:51.151163101 CET50134443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:51.151185036 CET44350134213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:51.155368090 CET50135443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:51.155416012 CET44350135193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:51.155567884 CET50135443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:51.215393066 CET50135443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:51.215413094 CET44350135193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:51.215446949 CET50135443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:51.215451956 CET44350135193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:51.215477943 CET44350135193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:53.239978075 CET50141443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:21:53.240022898 CET4435014177.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:21:53.240080118 CET50141443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:21:53.355091095 CET50141443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:21:53.355108023 CET4435014177.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:21:53.355178118 CET4435014177.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:21:53.355232000 CET50141443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:21:53.355249882 CET4435014177.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:21:53.376693964 CET50142443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:21:53.376737118 CET4435014289.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:21:53.376796007 CET50142443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:21:53.431566000 CET50142443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:21:53.431577921 CET4435014289.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:21:53.431622982 CET50142443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:21:53.431631088 CET4435014289.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:21:53.431646109 CET4435014289.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:21:53.439335108 CET50143443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:53.439366102 CET44350143213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:53.439425945 CET50143443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:53.499723911 CET50143443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:53.499744892 CET44350143213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:53.499787092 CET50143443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:53.499789000 CET44350143213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:53.499806881 CET44350143213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:53.505315065 CET50144443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:53.505342960 CET44350144193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:53.505403042 CET50144443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:53.581868887 CET50144443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:53.581895113 CET44350144193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:53.581949949 CET44350144193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:53.581979990 CET50144443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:53.581996918 CET44350144193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:21:55.612817049 CET50150443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:21:55.612879992 CET4435015077.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:21:55.613058090 CET50150443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:21:55.678864002 CET50150443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:21:55.678932905 CET4435015077.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:21:55.678994894 CET50150443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:21:55.678992987 CET4435015077.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:21:55.679032087 CET4435015077.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:21:55.682668924 CET50151443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:21:55.682773113 CET4435015189.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:21:55.682845116 CET50151443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:21:55.760318041 CET50151443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:21:55.760360003 CET4435015189.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:21:55.760421991 CET50151443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:21:55.760428905 CET4435015189.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:21:55.760448933 CET4435015189.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:21:55.764863968 CET50152443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:55.764911890 CET44350152213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:55.764971018 CET50152443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:55.820113897 CET50152443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:55.820152044 CET44350152213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:55.820173979 CET50152443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:21:55.820182085 CET44350152213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:55.820244074 CET44350152213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:21:55.827994108 CET50155443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:21:55.828092098 CET44350155193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:22:11.553298950 CET44350201213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:22:11.553369999 CET50201443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:22:11.553374052 CET44350201213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:22:11.553523064 CET44350201213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:22:11.562128067 CET50202443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:22:11.562172890 CET44350202193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:22:11.562237978 CET50202443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:22:11.636890888 CET50202443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:22:11.636919022 CET44350202193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:22:11.636992931 CET50202443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:22:11.636998892 CET44350202193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:22:11.637027025 CET44350202193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:22:11.644016981 CET50203443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:22:11.644052029 CET4435020377.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:22:11.644229889 CET50203443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:22:11.772346973 CET50203443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:22:11.772367001 CET4435020377.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:22:11.772413015 CET50203443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:22:11.772417068 CET4435020377.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:22:11.772500038 CET4435020377.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:22:11.777709961 CET50204443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:22:11.777808905 CET4435020489.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:22:11.777900934 CET50204443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:22:11.915904999 CET50204443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:22:11.915905952 CET50204443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:22:11.916004896 CET4435020489.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:22:11.916042089 CET4435020489.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:22:11.916085958 CET4435020489.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:22:11.920876026 CET50205443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:22:11.920917988 CET44350205213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:22:11.920979977 CET50205443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:22:11.990539074 CET50205443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:22:11.990560055 CET44350205213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:22:11.990576982 CET50205443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:22:11.990581989 CET44350205213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:22:11.990622044 CET44350205213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:22:11.995510101 CET50206443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:22:11.995539904 CET44350206193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:22:11.995598078 CET50206443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:22:12.077523947 CET50206443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:22:12.077543974 CET44350206193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:22:12.077583075 CET44350206193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:22:12.077600956 CET50206443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:22:12.077611923 CET44350206193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:22:14.114134073 CET50207443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:22:14.114181995 CET4435020777.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:22:14.114248037 CET50207443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:22:14.177339077 CET50207443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:22:14.177357912 CET4435020777.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:22:14.177400112 CET50207443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:22:14.177403927 CET4435020777.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:22:14.177419901 CET4435020777.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:22:14.181267977 CET50208443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:22:14.181302071 CET4435020889.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:22:14.181351900 CET50208443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:22:14.224586010 CET50208443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:22:14.224615097 CET4435020889.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:22:14.224661112 CET50208443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:22:14.224664927 CET4435020889.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:22:14.224678993 CET4435020889.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:22:14.228343010 CET50209443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:22:14.228427887 CET44350209213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:22:14.228503942 CET50209443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:22:14.293452024 CET50209443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:22:14.293507099 CET44350209213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:22:14.293564081 CET44350209213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:22:14.297161102 CET50210443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:22:14.297204018 CET44350210193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:22:14.303464890 CET50210443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:22:15.385976076 CET50210443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:22:15.386068106 CET44350210193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:22:15.386125088 CET44350210193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:22:15.386137009 CET50210443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:22:15.386177063 CET44350210193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:22:17.409154892 CET50211443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:22:17.409215927 CET4435021177.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:22:17.409284115 CET50211443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:22:17.483155012 CET50211443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:22:17.483198881 CET4435021177.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:22:17.483246088 CET50211443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:22:17.483253002 CET4435021177.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:22:17.483298063 CET4435021177.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:22:17.491038084 CET50212443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:22:17.491080999 CET4435021289.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:22:17.491147995 CET50212443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:22:17.599401951 CET50212443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:22:17.599431992 CET4435021289.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:22:17.599474907 CET50212443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:22:17.599483967 CET4435021289.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:22:17.599517107 CET4435021289.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:22:17.612783909 CET50213443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:22:17.612838030 CET44350213213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:22:17.612962961 CET50213443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:22:17.697972059 CET50213443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:22:17.697999954 CET44350213213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:22:17.698050976 CET50213443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:22:17.698072910 CET44350213213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:22:17.705735922 CET50214443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:22:17.705786943 CET44350214193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:22:17.705857992 CET50214443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:22:17.773305893 CET50214443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:22:17.773339987 CET44350214193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:22:17.773377895 CET44350214193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:22:17.773394108 CET50214443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:22:17.773411989 CET44350214193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:22:17.779690981 CET50215443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:22:17.779738903 CET4435021577.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:22:17.779798985 CET50215443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:22:17.850074053 CET50215443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:22:17.850100040 CET4435021577.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:22:17.850138903 CET4435021577.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:22:17.850147009 CET50215443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:22:17.850164890 CET4435021577.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:22:17.853146076 CET50216443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:22:17.853180885 CET4435021689.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:22:17.853247881 CET50216443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:22:17.903702021 CET50216443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:22:17.903732061 CET4435021689.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:22:17.903774977 CET50216443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:22:17.903796911 CET4435021689.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:22:17.903840065 CET4435021689.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:22:17.907125950 CET50217443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:22:17.907174110 CET44350217213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:22:17.907344103 CET50217443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:22:17.961143970 CET50217443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:22:17.961162090 CET44350217213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:22:17.961230040 CET44350217213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:22:17.961247921 CET50217443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:22:17.961262941 CET44350217213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:22:17.963282108 CET50218443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:22:17.963336945 CET44350218193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:22:17.963413000 CET50218443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:22:18.005001068 CET50218443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:22:18.005043030 CET44350218193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:22:18.005100965 CET50218443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:22:18.005120993 CET44350218193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:22:18.005136967 CET44350218193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:22:20.037365913 CET50219443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:22:20.037409067 CET4435021977.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:22:20.037466049 CET50219443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:22:20.103737116 CET50219443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:22:20.103761911 CET4435021977.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:22:20.103827953 CET4435021977.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:22:20.103836060 CET50219443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:22:20.103852987 CET4435021977.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:22:20.135607004 CET50220443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:22:20.135639906 CET4435022089.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:22:20.135711908 CET50220443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:22:20.222641945 CET50220443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:22:20.222671986 CET4435022089.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:22:20.222726107 CET50220443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:22:20.222732067 CET4435022089.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:22:20.222759008 CET4435022089.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:22:20.226975918 CET50221443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:22:20.227025986 CET44350221213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:22:20.227094889 CET50221443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:22:20.273367882 CET50221443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:22:20.273401976 CET44350221213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:22:20.273438931 CET44350221213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:22:20.277393103 CET50221443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:22:20.277426004 CET44350221213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:22:20.281383991 CET50222443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:22:20.281440020 CET44350222193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:22:20.285553932 CET50222443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:22:21.369733095 CET50222443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:22:21.369771957 CET44350222193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:22:21.369836092 CET44350222193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:22:21.369947910 CET50222443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:22:21.369980097 CET44350222193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:22:23.393667936 CET50223443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:22:23.393727064 CET4435022377.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:22:23.393790007 CET50223443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:22:23.459424019 CET50223443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:22:23.459451914 CET4435022377.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:22:23.459502935 CET50223443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:22:23.459506989 CET4435022377.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:22:23.459522963 CET4435022377.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:22:23.462367058 CET50224443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:22:23.462399006 CET4435022489.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:22:23.462459087 CET50224443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:22:23.543431044 CET50224443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:22:23.543453932 CET4435022489.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:22:23.543507099 CET50224443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:22:23.543512106 CET4435022489.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:22:23.543556929 CET4435022489.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:22:23.564001083 CET50225443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:22:23.564047098 CET44350225213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:22:23.564116001 CET50225443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:22:23.624193907 CET50225443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:22:23.624224901 CET44350225213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:22:23.624281883 CET50225443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:22:23.624289989 CET44350225213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:22:23.624330044 CET44350225213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:22:23.632152081 CET50226443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:22:23.632201910 CET44350226193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:22:23.632263899 CET50226443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:22:23.715502977 CET50226443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:22:23.715538979 CET44350226193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:22:23.715605021 CET50226443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:22:40.244342089 CET4435026089.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:22:40.244421005 CET4435026089.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:22:40.250174046 CET50261443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:22:40.250222921 CET44350261213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:22:40.250282049 CET50261443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:22:40.307329893 CET50261443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:22:40.307329893 CET50261443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:22:40.307368040 CET44350261213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:22:40.307374954 CET44350261213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:22:40.307449102 CET44350261213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:22:40.311562061 CET50262443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:22:40.311619043 CET44350262193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:22:40.311700106 CET50262443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:22:40.360560894 CET50262443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:22:40.360582113 CET44350262193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:22:40.360635996 CET44350262193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:22:40.360672951 CET50262443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:22:40.360693932 CET44350262193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:22:40.363523960 CET50263443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:22:40.363569975 CET4435026377.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:22:40.364182949 CET50263443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:22:40.409773111 CET50263443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:22:40.409807920 CET4435026377.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:22:40.409852028 CET4435026377.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:22:40.413331032 CET50264443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:22:40.413383007 CET4435026489.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:22:40.413592100 CET50264443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:22:40.477895975 CET50264443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:22:40.477911949 CET4435026489.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:22:40.477976084 CET4435026489.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:22:40.480873108 CET50265443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:22:40.480915070 CET44350265213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:22:40.481021881 CET50265443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:22:40.547380924 CET50265443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:22:40.547465086 CET44350265213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:22:40.547655106 CET44350265213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:22:40.554599047 CET50266443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:22:40.554645061 CET44350266193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:22:40.555356026 CET50266443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:22:40.613425970 CET50266443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:22:40.613440037 CET44350266193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:22:40.613485098 CET44350266193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:22:42.643028021 CET50267443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:22:42.643074989 CET4435026777.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:22:42.643229008 CET50267443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:22:42.694067001 CET50267443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:22:42.694098949 CET4435026777.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:22:42.694189072 CET4435026777.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:22:42.697000027 CET50268443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:22:42.697014093 CET4435026889.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:22:42.697266102 CET50268443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:22:42.742264032 CET50268443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:22:42.742288113 CET4435026889.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:22:42.742341042 CET4435026889.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:22:42.747200012 CET50269443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:22:42.747248888 CET44350269213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:22:42.747524977 CET50269443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:22:42.789884090 CET50269443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:22:42.789901018 CET44350269213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:22:42.789963007 CET44350269213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:22:42.793261051 CET50270443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:22:42.793308973 CET44350270193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:22:42.793781042 CET50270443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:22:42.839860916 CET50270443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:22:42.839862108 CET50270443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:22:42.839879036 CET44350270193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:22:42.839888096 CET44350270193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:22:42.839940071 CET44350270193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:22:44.957422972 CET50271443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:22:44.957469940 CET4435027177.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:22:44.959398031 CET50271443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:22:45.002700090 CET50271443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:22:45.002739906 CET4435027177.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:22:45.002826929 CET4435027177.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:22:45.002898932 CET50271443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:22:45.002919912 CET4435027177.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:22:45.012856007 CET50272443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:22:45.012898922 CET4435027289.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:22:45.013060093 CET50272443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:22:45.053375959 CET50272443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:22:45.053394079 CET4435027289.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:22:45.053462982 CET4435027289.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:22:45.053509951 CET50272443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:22:45.053523064 CET4435027289.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:22:45.056978941 CET50273443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:22:45.057029963 CET44350273213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:22:45.057214022 CET50273443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:22:45.106240034 CET50273443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:22:45.106301069 CET44350273213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:22:45.106381893 CET50273443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:22:45.106388092 CET44350273213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:22:45.106451988 CET44350273213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:22:45.109488964 CET50274443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:22:45.109530926 CET44350274193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:22:45.109842062 CET50274443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:22:45.157358885 CET50274443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:22:45.157393932 CET44350274193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:22:45.157479048 CET44350274193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:22:45.157936096 CET50274443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:22:45.157964945 CET44350274193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:22:45.161272049 CET50275443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:22:45.161325932 CET4435027577.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:22:45.161835909 CET50275443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:22:45.210597992 CET50275443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:22:45.210700035 CET4435027577.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:22:45.210972071 CET4435027577.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:22:45.211041927 CET50275443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:22:45.211110115 CET4435027577.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:22:45.214724064 CET50276443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:22:45.214761972 CET4435027689.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:22:45.214952946 CET50276443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:22:45.258660078 CET50276443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:22:45.258691072 CET4435027689.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:22:45.258780003 CET4435027689.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:22:45.260634899 CET50277443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:22:45.260678053 CET44350277213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:22:45.261137962 CET50277443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:22:45.301861048 CET50277443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:22:45.301861048 CET50277443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:22:45.301903963 CET44350277213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:22:45.301922083 CET44350277213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:22:45.301948071 CET44350277213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:22:45.304141998 CET50278443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:22:45.304217100 CET44350278193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:22:45.304426908 CET50278443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:22:45.386015892 CET50278443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:22:45.386065960 CET44350278193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:22:45.386112928 CET44350278193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:22:45.386140108 CET50278443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:22:45.386161089 CET44350278193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:22:47.410667896 CET50279443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:22:47.410769939 CET4435027977.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:22:47.410866022 CET50279443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:22:47.474982977 CET50279443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:22:47.475023031 CET4435027977.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:22:47.475100040 CET4435027977.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:22:47.475188017 CET50279443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:22:47.475210905 CET4435027977.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:22:47.477907896 CET50280443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:22:47.478015900 CET4435028089.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:22:47.478111982 CET50280443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:22:47.517256021 CET50280443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:22:47.517354965 CET4435028089.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:22:47.517431021 CET4435028089.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:22:47.517544031 CET50280443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:22:47.517585039 CET4435028089.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:22:47.519984007 CET50281443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:22:47.520031929 CET44350281213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:22:47.520088911 CET50281443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:22:47.586636066 CET50281443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:22:47.586678028 CET44350281213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:22:47.586743116 CET50281443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:22:47.586750984 CET44350281213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:22:47.586889982 CET44350281213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:22:47.592693090 CET50282443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:22:47.592730045 CET44350282193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:22:47.592777967 CET50282443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:22:47.653835058 CET50282443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:22:47.653856993 CET44350282193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:22:47.653892040 CET50282443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:22:47.653898954 CET44350282193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:22:47.653970003 CET44350282193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:22:49.690746069 CET50283443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:22:49.690788984 CET4435028377.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:22:49.690856934 CET50283443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:22:49.849410057 CET50283443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:22:49.849447012 CET4435028377.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:22:49.849493027 CET50283443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:22:49.849498034 CET4435028377.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:22:49.849570990 CET4435028377.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:22:49.855242014 CET50284443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:22:49.855289936 CET4435028489.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:22:49.855343103 CET50284443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:22:49.920845985 CET50284443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:22:49.920877934 CET4435028489.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:22:49.920901060 CET50284443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:22:49.920907974 CET4435028489.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:22:49.920974970 CET4435028489.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:22:49.927678108 CET50285443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:22:49.927721977 CET44350285213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:22:49.927779913 CET50285443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:22:50.038559914 CET50285443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:22:50.038584948 CET44350285213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:22:50.038651943 CET50285443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:22:50.038655043 CET44350285213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:22:50.038669109 CET44350285213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:22:50.041454077 CET50286443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:22:50.041497946 CET44350286193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:22:50.041640997 CET50286443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:22:50.120116949 CET50286443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:22:50.120150089 CET44350286193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:22:50.120220900 CET44350286193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:22:50.120270967 CET50286443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:22:50.120290995 CET44350286193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:22:50.125664949 CET50287443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:22:50.125710011 CET4435028777.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:22:50.125778913 CET50287443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:22:50.212534904 CET50287443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:22:50.212558031 CET4435028777.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:23:07.773958921 CET50321443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:23:07.883044004 CET50321443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:23:07.883070946 CET44350321213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:23:07.883131981 CET50321443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:23:07.883138895 CET44350321213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:23:07.886751890 CET50322443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:23:07.886790037 CET44350322193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:23:07.886858940 CET50322443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:23:07.964061022 CET50322443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:23:07.964076042 CET44350322193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:23:07.964111090 CET44350322193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:23:07.964119911 CET50322443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:23:07.964139938 CET44350322193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:23:07.968915939 CET50323443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:23:07.968966007 CET4435032377.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:23:07.969022036 CET50323443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:23:08.031332016 CET50323443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:23:08.031361103 CET4435032377.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:23:08.031378031 CET50323443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:23:08.031383991 CET4435032377.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:23:08.031424999 CET4435032377.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:23:08.037211895 CET50324443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:23:08.037246943 CET4435032489.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:23:08.037298918 CET50324443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:23:08.140410900 CET50324443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:23:08.140424013 CET4435032489.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:23:08.140477896 CET50324443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:23:08.140476942 CET4435032489.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:23:08.140490055 CET4435032489.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:23:08.146056890 CET50325443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:23:08.146104097 CET44350325213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:23:08.146164894 CET50325443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:23:08.222956896 CET50325443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:23:08.222997904 CET44350325213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:23:08.223032951 CET50325443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:23:08.223042011 CET44350325213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:23:08.223064899 CET44350325213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:23:08.227066994 CET50326443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:23:08.227118015 CET44350326193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:23:08.227346897 CET50326443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:23:08.307341099 CET50326443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:23:08.307377100 CET44350326193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:23:08.307426929 CET44350326193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:23:08.307452917 CET50326443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:23:08.307471991 CET44350326193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:23:10.596163034 CET50327443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:23:10.596214056 CET4435032777.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:23:10.596426964 CET50327443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:23:10.647387028 CET50327443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:23:10.647423983 CET4435032777.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:23:10.647497892 CET4435032777.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:23:10.647531033 CET50327443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:23:10.647552013 CET4435032777.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:23:10.651684046 CET50328443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:23:10.651732922 CET4435032889.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:23:10.651896000 CET50328443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:23:10.713144064 CET50328443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:23:10.713180065 CET4435032889.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:23:10.713246107 CET4435032889.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:23:10.717256069 CET50329443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:23:10.717304945 CET44350329213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:23:10.717664957 CET50329443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:23:10.771333933 CET50329443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:23:10.771358013 CET44350329213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:23:10.771429062 CET44350329213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:23:10.775310040 CET50330443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:23:10.775372982 CET44350330193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:23:10.775505066 CET50330443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:23:10.817375898 CET50330443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:23:10.817409992 CET44350330193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:23:10.817468882 CET44350330193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:23:10.817611933 CET50330443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:23:10.817630053 CET44350330193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:23:12.861133099 CET50331443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:23:12.861183882 CET4435033177.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:23:12.861931086 CET50331443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:23:12.905144930 CET50331443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:23:12.905144930 CET50331443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:23:12.905164003 CET4435033177.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:23:12.905177116 CET4435033177.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:23:12.905226946 CET4435033177.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:23:12.913120031 CET50332443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:23:12.913175106 CET4435033289.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:23:12.921124935 CET50332443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:23:13.968528032 CET50332443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:23:13.968549967 CET4435033289.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:23:13.968638897 CET4435033289.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:23:13.972332954 CET50333443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:23:13.972407103 CET44350333213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:23:13.972487926 CET50333443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:23:14.009917021 CET50333443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:23:14.009947062 CET44350333213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:23:14.010005951 CET50333443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:23:14.010015965 CET44350333213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:23:14.010031939 CET44350333213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:23:14.011084080 CET50334443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:23:14.011131048 CET44350334193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:23:14.013175011 CET50334443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:23:14.057167053 CET50334443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:23:14.057197094 CET44350334193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:23:14.057243109 CET50334443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:23:14.057262897 CET44350334193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:23:14.057274103 CET44350334193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:23:14.058455944 CET50335443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:23:14.058495998 CET4435033577.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:23:14.058578014 CET50335443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:23:14.109564066 CET50335443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:23:14.109599113 CET4435033577.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:23:14.109658003 CET4435033577.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:23:14.109762907 CET50335443192.168.2.477.221.149.84
                                                                        Dec 11, 2024 16:23:14.109776020 CET4435033577.221.149.84192.168.2.4
                                                                        Dec 11, 2024 16:23:14.110790014 CET50336443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:23:14.110830069 CET4435033689.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:23:14.111540079 CET50336443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:23:14.171885967 CET50336443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:23:14.171921015 CET4435033689.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:23:14.171982050 CET50336443192.168.2.489.116.191.177
                                                                        Dec 11, 2024 16:23:14.171991110 CET4435033689.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:23:14.171998024 CET4435033689.116.191.177192.168.2.4
                                                                        Dec 11, 2024 16:23:14.173110008 CET50337443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:23:14.173216105 CET44350337213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:23:14.173310041 CET50337443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:23:14.213737011 CET50337443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:23:14.213792086 CET44350337213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:23:14.213840008 CET44350337213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:23:14.213856936 CET50337443192.168.2.4213.210.13.4
                                                                        Dec 11, 2024 16:23:14.213875055 CET44350337213.210.13.4192.168.2.4
                                                                        Dec 11, 2024 16:23:14.215337992 CET50338443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:23:14.215378046 CET44350338193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:23:14.216180086 CET50338443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:23:14.265122890 CET50338443192.168.2.4193.188.22.40
                                                                        Dec 11, 2024 16:23:14.265153885 CET44350338193.188.22.40192.168.2.4
                                                                        Dec 11, 2024 16:23:14.265208960 CET44350338193.188.22.40192.168.2.4

                                                                        Target ID:0
                                                                        Start time:10:19:04
                                                                        Start date:11/12/2024
                                                                        Path:C:\Users\user\Desktop\UFh7A8CImG.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:"C:\Users\user\Desktop\UFh7A8CImG.exe"
                                                                        Imagebase:0xe50000
                                                                        File size:13'858'920 bytes
                                                                        MD5 hash:33285B33F1D7997939C34A2DEB30BEAC
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Reputation:low
                                                                        Has exited:true

                                                                        Target ID:1
                                                                        Start time:10:19:07
                                                                        Start date:11/12/2024
                                                                        Path:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:"C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe"
                                                                        Imagebase:0x400000
                                                                        File size:2'607'448 bytes
                                                                        MD5 hash:5B219E412528752277F1118513D99D43
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:Borland Delphi
                                                                        Yara matches:
                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000003.1771393442.0000000006107000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 00000001.00000003.1771393442.0000000006107000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000003.1766962431.00000000055C1000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 00000001.00000003.1766962431.00000000055C1000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000003.1776282835.0000000005B54000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 00000001.00000003.1776282835.0000000005B54000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000003.2112045230.0000000007C9E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 00000001.00000003.2112045230.0000000007C9E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000003.2111575348.000000000699E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 00000001.00000003.2111575348.000000000699E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000003.1772025546.0000000005B59000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 00000001.00000003.1772025546.0000000005B59000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000003.1766487852.000000000501F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 00000001.00000003.1766487852.000000000501F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000003.2111088801.0000000005B52000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 00000001.00000003.2111088801.0000000005B52000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000003.2112762112.000000000699A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 00000001.00000003.2112762112.000000000699A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000003.1769409309.0000000005019000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 00000001.00000003.1769409309.0000000005019000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000003.1770783572.0000000005B5F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 00000001.00000003.1770783572.0000000005B5F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000003.1767758397.0000000004A76000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 00000001.00000003.1767758397.0000000004A76000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000003.2115889808.0000000007C9A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 00000001.00000003.2115889808.0000000007C9A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000003.1772504401.00000000060FE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 00000001.00000003.1772504401.00000000060FE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000003.1770179849.0000000005013000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 00000001.00000003.1770179849.0000000005013000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        Antivirus matches:
                                                                        • Detection: 3%, ReversingLabs
                                                                        Reputation:low
                                                                        Has exited:false

                                                                        Target ID:6
                                                                        Start time:10:20:36
                                                                        Start date:11/12/2024
                                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:C:\Windows\system32\cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe"
                                                                        Imagebase:0x240000
                                                                        File size:236'544 bytes
                                                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Reputation:high
                                                                        Has exited:true

                                                                        Target ID:7
                                                                        Start time:10:20:36
                                                                        Start date:11/12/2024
                                                                        Path:C:\Windows\System32\conhost.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                        Imagebase:0x7ff7699e0000
                                                                        File size:862'208 bytes
                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Reputation:high
                                                                        Has exited:true

                                                                        Target ID:8
                                                                        Start time:10:20:36
                                                                        Start date:11/12/2024
                                                                        Path:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:"C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe"
                                                                        Imagebase:0x400000
                                                                        File size:2'607'448 bytes
                                                                        MD5 hash:5B219E412528752277F1118513D99D43
                                                                        Has elevated privileges:false
                                                                        Has administrator privileges:false
                                                                        Programmed in:Borland Delphi
                                                                        Yara matches:
                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000002.4163904835.000000000547F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 00000008.00000002.4163904835.000000000547F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000002.4163433694.0000000004ED6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 00000008.00000002.4163433694.0000000004ED6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000003.2672511181.0000000005485000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 00000008.00000003.2672511181.0000000005485000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000003.2675930453.0000000005476000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 00000008.00000003.2675930453.0000000005476000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000003.2677180622.0000000004933000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 00000008.00000003.2677180622.0000000004933000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000003.2682133919.000000000493C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 00000008.00000003.2682133919.000000000493C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000003.2680974566.0000000005FD0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 00000008.00000003.2680974566.0000000005FD0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000003.2674638334.0000000004ED5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 00000008.00000003.2674638334.0000000004ED5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000003.2681358492.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 00000008.00000003.2681358492.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000003.2672015882.0000000004EE0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 00000008.00000003.2672015882.0000000004EE0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000003.2675208046.0000000005A2A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 00000008.00000003.2675208046.0000000005A2A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        Reputation:low
                                                                        Has exited:false

                                                                        Target ID:9
                                                                        Start time:10:20:36
                                                                        Start date:11/12/2024
                                                                        Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe"
                                                                        Imagebase:0xd10000
                                                                        File size:433'152 bytes
                                                                        MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Reputation:high
                                                                        Has exited:true

                                                                        Target ID:10
                                                                        Start time:10:20:46
                                                                        Start date:11/12/2024
                                                                        Path:C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:"C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe"
                                                                        Imagebase:0x400000
                                                                        File size:2'607'448 bytes
                                                                        MD5 hash:5B219E412528752277F1118513D99D43
                                                                        Has elevated privileges:false
                                                                        Has administrator privileges:false
                                                                        Programmed in:Borland Delphi
                                                                        Yara matches:
                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000003.2753770406.0000000004F46000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 0000000A.00000003.2753770406.0000000004F46000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000002.4163859568.00000000054E8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 0000000A.00000002.4163859568.00000000054E8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000003.2757410780.0000000004F43000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 0000000A.00000003.2757410780.0000000004F43000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000003.2756648118.00000000054E9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 0000000A.00000003.2756648118.00000000054E9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000002.4163368007.00000000049A6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 0000000A.00000002.4163368007.00000000049A6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000003.2761374837.000000000603D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 0000000A.00000003.2761374837.000000000603D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000003.2754810471.00000000054E8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 0000000A.00000003.2754810471.00000000054E8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000003.2761931254.00000000054E2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 0000000A.00000003.2761931254.00000000054E2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000003.2757899973.0000000005A8F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 0000000A.00000003.2757899973.0000000005A8F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000003.2758858785.00000000049A7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 0000000A.00000003.2758858785.00000000049A7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000003.2762777663.0000000004F4C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 0000000A.00000003.2762777663.0000000004F4C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        Reputation:low
                                                                        Has exited:false

                                                                          Execution Graph

                                                                          Execution Coverage:4.1%
                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                          Signature Coverage:2.8%
                                                                          Total number of Nodes:726
                                                                          Total number of Limit Nodes:33
FreeLibrary 4124->4126 4127 10d15e0 4124->4127 4125->4124 4128 10d16d6 4125->4128 4126->4127 4127->4097 4128->4124 4129->4110 4131 10d14c6 4130->4131 4133 10d152a 4131->4133 4137 10ea01d 4131->4137 4133->4112 4158 10e6127 LeaveCriticalSection 4134->4158 4136 10d1462 4136->4102 4136->4115 4138 10ea029 __EH_prolog3 4137->4138 4141 10e9d75 4138->4141 4140 10ea050 4140->4133 4142 10e9d81 4141->4142 4149 10e60df EnterCriticalSection 4142->4149 4144 10e9d8f 4150 10e9f2d 4144->4150 4149->4144 4151 10e9f4c 4150->4151 4152 10e9d9c 4150->4152 4151->4152 4153 10eb6c0 ___free_lconv_mon 2 API calls 4151->4153 4154 10e9dc4 4152->4154 4153->4152 4157 10e6127 LeaveCriticalSection 4154->4157 4156 10e9dad 4156->4140 4157->4156 4158->4136 4160 10ebaa0 3 API calls 4159->4160 4161 10d8f44 4160->4161 4161->3787 4163 10ee355 MultiByteToWideChar 4162->4163 4163->3785 4165 10dfcaf 4164->4165 4166 10dfcf1 ExitThread 4165->4166 4167 10dfcdb 4165->4167 4168 10dfcd4 CloseHandle 4165->4168 4167->4166 4169 10dfce7 FreeLibraryAndExitThread 4167->4169 4168->4167 4169->4166 4317 10d4668 4320 10d2b6d 4317->4320 4319 10d46a3 4330 10d693b 4320->4330 4322 10d2b7f 4323 10d2b94 4322->4323 4326 10d2bc7 4322->4326 4329 10d2baf 4322->4329 4324 10d82d7 21 API calls 4323->4324 4324->4329 4325 10d2c5e 4327 10d6884 36 API calls 4325->4327 4326->4325 4335 10d6884 4326->4335 4327->4329 4329->4319 4331 10d6940 __dosmaperr 4330->4331 4332 10d6953 4330->4332 4333 10d8354 36 API calls 4331->4333 4332->4322 4334 10d6950 4333->4334 4334->4322 4336 10d68a9 4335->4336 4337 10d6895 __dosmaperr 4335->4337 4336->4325 4337->4336 4338 10d8354 36 API calls 4337->4338 4338->4336 4339 10d1060 4340 10d1072 4339->4340 4342 10d1080 4339->4342 4341 10cbc9f _ValidateLocalCookies 5 API calls 4340->4341 4341->4342 4173 10ebaa0 4175 10ebadc __dosmaperr 4173->4175 4176 10ebaae 4173->4176 4174 10ebac9 RtlAllocateHeap 4174->4175 4174->4176 4176->4174 4176->4175 4177 10e73cf 2 API calls 4176->4177 4177->4176 4343 10d597c 4344 10d5a01 
4343->4344 4355 10d59cd 4343->4355 4345 10d5a3a 4344->4345 4346 10d5a06 4344->4346 4348 10d5a08 4345->4348 4349 10d5a57 4345->4349 4347 10d5a33 4346->4347 4346->4348 4375 10d66e3 4347->4375 4352 10d5a2b 4348->4352 4348->4355 4359 10d59ff 4348->4359 4379 10d671d 4349->4379 4368 10d368c 4352->4368 4360 10d5a60 4355->4360 4361 10d39ab 4355->4361 4356 10cbc9f _ValidateLocalCookies 5 API calls 4357 10d5cd9 4356->4357 4359->4360 4382 10eb8a0 4359->4382 4360->4356 4362 10d39c0 4361->4362 4363 10d3a09 4362->4363 4364 10d39e2 4362->4364 4367 10d39ff 4363->4367 4392 10d299c 4363->4392 4365 10d82d7 21 API calls 4364->4365 4365->4367 4367->4359 4369 10d36a1 4368->4369 4370 10d36c3 4369->4370 4372 10d36ea 4369->4372 4371 10d82d7 21 API calls 4370->4371 4374 10d36e0 4371->4374 4373 10d299c 5 API calls 4372->4373 4372->4374 4373->4374 4374->4359 4376 10d66ef 4375->4376 4406 10d336d 4376->4406 4378 10d66ff 4378->4359 4380 10d39ab 22 API calls 4379->4380 4381 10d6732 4380->4381 4381->4359 4383 10eb8b5 4382->4383 4385 10eb8f6 4383->4385 4389 10eb8b9 4383->4389 4391 10eb8e2 4383->4391 4413 10d68e0 4383->4413 4385->4389 4385->4391 4420 10ef733 4385->4420 4386 10d82d7 21 API calls 4386->4389 4388 10eb9b1 4388->4389 4390 10eb9c7 GetLastError 4388->4390 4389->4359 4390->4389 4390->4391 4391->4386 4391->4389 4393 10d29b1 4392->4393 4394 10d29c3 4392->4394 4393->4367 4394->4393 4395 10ebaa0 3 API calls 4394->4395 4396 10d29e7 4395->4396 4397 10d29ef 4396->4397 4398 10d29fa 4396->4398 4399 10eb6c0 ___free_lconv_mon 2 API calls 4397->4399 4403 10d443a 4398->4403 4399->4393 4402 10eb6c0 ___free_lconv_mon 2 API calls 4402->4393 4404 10eb6c0 ___free_lconv_mon 2 API calls 4403->4404 4405 10d2a05 4404->4405 4405->4402 4407 10d3382 4406->4407 4408 10d33a4 4407->4408 4410 10d33cb 4407->4410 4409 10d82d7 21 API calls 4408->4409 4412 10d33c1 4409->4412 4411 10d299c 5 API calls 4410->4411 4410->4412 4411->4412 4412->4378 4414 10d1982 36 API calls 4413->4414 4415 10d68f0 4414->4415 4423 10ebb1b 
4415->4423 4421 10ef746 4420->4421 4422 10ef784 WideCharToMultiByte 4421->4422 4422->4388 4424 10ebb32 4423->4424 4426 10d690d 4423->4426 4424->4426 4431 10f3c63 4424->4431 4427 10ebb79 4426->4427 4428 10d691a 4427->4428 4429 10ebb90 4427->4429 4428->4385 4429->4428 4453 10f225b 4429->4453 4432 10f3c6f 4431->4432 4433 10eb067 36 API calls 4432->4433 4434 10f3c78 4433->4434 4435 10f3cbe 4434->4435 4444 10e60df EnterCriticalSection 4434->4444 4435->4426 4437 10f3c96 4445 10f3ce4 4437->4445 4442 10d89df 36 API calls 4443 10f3ce3 4442->4443 4444->4437 4446 10f3cf2 4445->4446 4448 10f3ca7 4445->4448 4447 10f3a17 2 API calls 4446->4447 4446->4448 4447->4448 4449 10f3cc3 4448->4449 4452 10e6127 LeaveCriticalSection 4449->4452 4451 10f3cba 4451->4435 4451->4442 4452->4451 4454 10eb067 36 API calls 4453->4454 4455 10f2260 4454->4455 4458 10f2173 4455->4458 4457 10f226b 4457->4428 4459 10f217f 4458->4459 4460 10f2199 4459->4460 4473 10e60df EnterCriticalSection 4459->4473 4463 10f21a0 4460->4463 4465 10d89df 36 API calls 4460->4465 4462 10f21a9 4469 10eb6c0 ___free_lconv_mon 2 API calls 4462->4469 4471 10f21d5 4462->4471 4463->4457 4466 10f2212 4465->4466 4467 10f224e 4466->4467 4477 10eb122 4466->4477 4467->4457 4469->4471 4474 10f21f2 4471->4474 4473->4462 4514 10e6127 LeaveCriticalSection 4474->4514 4476 10f21f9 4476->4460 4478 10eb12d 4477->4478 4481 10eb133 4477->4481 4479 10ed24d TlsGetValue 4478->4479 4479->4481 4480 10eb139 4483 10d89df 36 API calls 4480->4483 4484 10eb13e 4480->4484 4481->4480 4482 10eb544 3 API calls 4481->4482 4486 10eb15d 4482->4486 4485 10eb1b7 4483->4485 4493 10f201e 4484->4493 4487 10eb165 4486->4487 4488 10eb199 4486->4488 4490 10eb6c0 ___free_lconv_mon 2 API calls 4487->4490 4489 10eae95 4 API calls 4488->4489 4491 10eb1a4 4489->4491 4490->4480 4492 10eb6c0 ___free_lconv_mon 2 API calls 4491->4492 4492->4484 4494 10f2173 44 API calls 4493->4494 4495 10f2048 4494->4495 4515 10f1da5 4495->4515 4498 10ebaa0 3 API calls 4499 10f2072 4498->4499 
4500 10f207a 4499->4500 4501 10f2088 4499->4501 4502 10eb6c0 ___free_lconv_mon 2 API calls 4500->4502 4522 10f226e 4501->4522 4504 10f2061 4502->4504 4504->4467 4506 10f20c0 __dosmaperr 4510 10eb6c0 ___free_lconv_mon 2 API calls 4506->4510 4507 10f2107 4509 10f2150 4507->4509 4533 10f1c97 4507->4533 4508 10f20db 4508->4507 4511 10eb6c0 ___free_lconv_mon 2 API calls 4508->4511 4513 10eb6c0 ___free_lconv_mon 2 API calls 4509->4513 4510->4504 4511->4507 4513->4504 4514->4476 4541 10d8e4a 4515->4541 4518 10f1dd8 4520 10f1ddd GetACP 4518->4520 4521 10f1def 4518->4521 4519 10f1dc6 GetOEMCP 4519->4521 4520->4521 4521->4498 4521->4504 4523 10f1da5 42 API calls 4522->4523 4524 10f228e 4523->4524 4526 10f22cb IsValidCodePage 4524->4526 4530 10f22e6 4524->4530 4532 10f2393 4524->4532 4525 10cbc9f _ValidateLocalCookies 5 API calls 4527 10f20b5 4525->4527 4528 10f22dd 4526->4528 4526->4532 4527->4506 4527->4508 4529 10f2306 GetCPInfo 4528->4529 4528->4530 4529->4530 4529->4532 4557 10f1e79 4530->4557 4532->4525 4534 10f1ca3 4533->4534 4620 10e60df EnterCriticalSection 4534->4620 4536 10f1cad 4621 10f1ce4 4536->4621 4542 10d8e68 4541->4542 4543 10d8e61 4541->4543 4542->4543 4544 10eb067 36 API calls 4542->4544 4543->4518 4543->4519 4545 10d8e89 4544->4545 4549 10ebaee 4545->4549 4550 10d8e9f 4549->4550 4551 10ebb01 4549->4551 4553 10ebb4c 4550->4553 4551->4550 4552 10f3c63 36 API calls 4551->4552 4552->4550 4554 10ebb74 4553->4554 4555 10ebb5f 4553->4555 4554->4543 4555->4554 4556 10f225b 44 API calls 4555->4556 4556->4554 4558 10f1ea1 GetCPInfo 4557->4558 4567 10f1f6a 4557->4567 4564 10f1eb9 4558->4564 4558->4567 4559 10cbc9f _ValidateLocalCookies 5 API calls 4561 10f201c 4559->4561 4561->4532 4568 10ef36a 4564->4568 4566 10ef65a 43 API calls 4566->4567 4567->4559 4569 10d8e4a 43 API calls 4568->4569 4570 10ef38a 4569->4570 4571 10ee3dc MultiByteToWideChar 4570->4571 4574 10ef3b7 4571->4574 4572 10ef446 4575 10cbc9f _ValidateLocalCookies 5 API calls 4572->4575 4573 10ef43e 4588 
10cbc81 4573->4588 4574->4572 4574->4573 4577 10ebaa0 3 API calls 4574->4577 4579 10ef3dc 4574->4579 4578 10ef469 4575->4578 4577->4579 4583 10ef65a 4578->4583 4579->4573 4580 10ee3dc MultiByteToWideChar 4579->4580 4581 10ef425 4580->4581 4581->4573 4582 10ef42c GetStringTypeW 4581->4582 4582->4573 4584 10d8e4a 44 API calls 4583->4584 4585 10ef66d 4584->4585 4592 10ef46b 4585->4592 4589 10cbc9c 4588->4589 4590 10cbc8b 4588->4590 4589->4572 4590->4589 4591 10d7807 ___vcrt_freefls@4 RtlFreeHeap GetLastError 4590->4591 4591->4589 4593 10ef486 4592->4593 4594 10ee3dc MultiByteToWideChar 4593->4594 4598 10ef4ca 4594->4598 4595 10ef645 4596 10cbc9f _ValidateLocalCookies 5 API calls 4595->4596 4597 10ef658 4596->4597 4597->4566 4598->4595 4599 10ebaa0 EnterCriticalSection LeaveCriticalSection RtlAllocateHeap 4598->4599 4601 10ef4f0 4598->4601 4612 10ef598 4598->4612 4599->4601 4600 10cbc81 __freea RtlFreeHeap GetLastError 4600->4595 4602 10ee3dc MultiByteToWideChar 4601->4602 4601->4612 4603 10ef539 4602->4603 4604 10ed4a7 LCMapStringW 4603->4604 4603->4612 4605 10ef55b 4604->4605 4606 10ef56f 4605->4606 4607 10ef5a7 4605->4607 4605->4612 4611 10ed4a7 LCMapStringW 4606->4611 4606->4612 4608 10ef630 4607->4608 4609 10ebaa0 EnterCriticalSection LeaveCriticalSection RtlAllocateHeap 4607->4609 4613 10ef5b9 4607->4613 4610 10cbc81 __freea RtlFreeHeap GetLastError 4608->4610 4609->4613 4610->4612 4611->4612 4612->4600 4613->4608 4614 10ed4a7 LCMapStringW 4613->4614 4615 10ef5fc 4614->4615 4615->4608 4616 10ef733 WideCharToMultiByte 4615->4616 4617 10ef616 4616->4617 4617->4608 4618 10ef61f 4617->4618 4619 10cbc81 __freea RtlFreeHeap GetLastError 4618->4619 4619->4612 4620->4536 4631 10d7d51 4621->4631 4623 10f1d06 4624 10d7d51 36 API calls 4623->4624 4625 10f1d25 4624->4625 4626 10eb6c0 ___free_lconv_mon 2 API calls 4625->4626 4627 10f1cba 4625->4627 4626->4627 4628 10f1cd8 4627->4628 4638 10e6127 LeaveCriticalSection 4628->4638 4630 10f1cc6 4630->4509 4632 10d7d62 4631->4632 
4635 10d7d5e 4631->4635 4633 10d7d69 __dosmaperr 4632->4633 4636 10d7d7c __dosmaperr 4632->4636 4634 10d8354 36 API calls 4633->4634 4634->4635 4635->4623 4636->4635 4637 10d8354 36 API calls 4636->4637 4637->4635 4638->4630 4642 10ea1f4 4643 10ea212 __dosmaperr 4642->4643 4645 10ea232 4642->4645 4644 10d8354 36 API calls 4643->4644 4644->4645 4178 efcd50 4179 efcd8e 4178->4179 4180 efcf30 caerLog 4178->4180 4179->4180 4183 efcd96 4179->4183 4181 10cbc9f _ValidateLocalCookies 5 API calls 4180->4181 4182 efcf53 4181->4182 4184 efce00 4183->4184 4188 10dd0da GetSystemTimeAsFileTime 4183->4188 4185 10cbc9f _ValidateLocalCookies 5 API calls 4184->4185 4186 efcf29 4185->4186 4189 10dd113 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 4188->4189 4189->4184 4190 10d1732 4191 10d15a2 11 API calls 4190->4191 4192 10d1743 4191->4192 4248 10fa230 4249 10cbc9f _ValidateLocalCookies 5 API calls 4248->4249 4250 10fa243 4249->4250

                                                                          Control-flow Graph

                                                                          APIs
                                                                          • caerLog.UFH7A8CIMG(00000003,Logger,Missing subSystem or format strings. Neither can be NULL.), ref: 00EFCF3C
                                                                          Strings
                                                                          • Logger, xrefs: 00EFCF35
                                                                          • Missing subSystem or format strings. Neither can be NULL., xrefs: 00EFCF30
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1728722892.0000000000E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                          • Associated: 00000000.00000002.1728705913.0000000000E50000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1728892064.00000000010FD000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1728950462.00000000011A7000.00000008.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1728970535.00000000011AA000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1728988755.00000000011AB000.00000008.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1729005453.00000000011AD000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1729028556.00000000011B0000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_e50000_UFh7A8CImG.jbxd
                                                                          Similarity
                                                                          • API ID: caer
                                                                          • String ID: Logger$Missing subSystem or format strings. Neither can be NULL.
                                                                          • API String ID: 3879971092-1739742932
                                                                          • Opcode ID: 04b8e8213093cbf4251e77c13fd0782955461aa70a8904d257a3d78a67f11e77
                                                                          • Instruction ID: e1b1d76441eb9c7c8a3e01a103e931c7ef580e9acc9581444173d22789d96555
                                                                          • Opcode Fuzzy Hash: 04b8e8213093cbf4251e77c13fd0782955461aa70a8904d257a3d78a67f11e77
                                                                          • Instruction Fuzzy Hash: 2E217771A083499FC364EF19D191B6BBBE1BBD8744F94842EE4C887244EF30A940CB82

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 15 10dfca4-10dfcb1 call 10eb1b8 18 10dfcf1-10dfcf4 ExitThread 15->18 19 10dfcb3-10dfcbb 15->19 19->18 20 10dfcbd-10dfcc1 19->20 21 10dfcc8-10dfcce 20->21 22 10dfcc3 call 10ed570 20->22 24 10dfcdb-10dfce1 21->24 25 10dfcd0-10dfcd2 21->25 22->21 24->18 27 10dfce3-10dfce5 24->27 25->24 26 10dfcd4-10dfcd5 CloseHandle 25->26 26->24 27->18 28 10dfce7-10dfceb FreeLibraryAndExitThread 27->28 28->18
                                                                          APIs
                                                                            • Part of subcall function 010EB067: GetLastError.KERNEL32(?,?,010E5F2D,?,010DAF02,?,?,00EFCE12,?,00000000), ref: 010EB1BC
                                                                            • Part of subcall function 010EB067: SetLastError.KERNEL32(00000000,?,00000000,?,00000006,000000FF,00000006), ref: 010EB25E
                                                                          • CloseHandle.KERNEL32(?,?,?,010DFDDB,?,?,010DFC4D,00000000), ref: 010DFCD5
                                                                          • FreeLibraryAndExitThread.KERNELBASE(?,?,?,?,010DFDDB,?,?,010DFC4D,00000000), ref: 010DFCEB
                                                                          • ExitThread.KERNEL32 ref: 010DFCF4
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1728722892.0000000000E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                          • Associated: 00000000.00000002.1728705913.0000000000E50000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1728892064.00000000010FD000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1728950462.00000000011A7000.00000008.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1728970535.00000000011AA000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1728988755.00000000011AB000.00000008.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1729005453.00000000011AD000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1729028556.00000000011B0000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_e50000_UFh7A8CImG.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorExitLastThread$CloseFreeHandleLibrary
                                                                          • String ID:
                                                                          • API String ID: 1991824761-0
                                                                          • Opcode ID: 2704de26143ae6570901d4fb2347b9b92aa2e619001e156ec71670974e9a3973
                                                                          • Instruction ID: 24aeb1662990f37cd27bf4c6a0d582389455c3a6c86d26e552bafd85eff13d16
                                                                          • Opcode Fuzzy Hash: 2704de26143ae6570901d4fb2347b9b92aa2e619001e156ec71670974e9a3973
                                                                          • Instruction Fuzzy Hash: D6F0543040170A7BEB711A6D8A4C55A7EE96F00270F149694FDE6C35A0D735D452D790

                                                                          Control-flow Graph

                                                                          APIs
                                                                          • GetCurrentProcess.KERNEL32(?,?,010D1633,?,010D199E,?,?,598EEA67,010D199E,?), ref: 010D164A
                                                                          • TerminateProcess.KERNEL32(00000000,?,010D1633,?,010D199E,?,?,598EEA67,010D199E,?), ref: 010D1651
                                                                          • ExitProcess.KERNEL32 ref: 010D1663
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1728722892.0000000000E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                          • Associated: 00000000.00000002.1728705913.0000000000E50000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1728892064.00000000010FD000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1728950462.00000000011A7000.00000008.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1728970535.00000000011AA000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1728988755.00000000011AB000.00000008.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1729005453.00000000011AD000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1729028556.00000000011B0000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_e50000_UFh7A8CImG.jbxd
                                                                          Similarity
                                                                          • API ID: Process$CurrentExitTerminate
                                                                          • String ID:
                                                                          • API String ID: 1703294689-0
                                                                          • Opcode ID: 6afc8b3231f40cdf8cb404ed2d3d4d13493ea939576678012fe198105623b252
                                                                          • Instruction ID: f70376eaae9b14ff999f18b7535fbb5fc1f44cb7957f1fd7330fcf896b67960d
                                                                          • Opcode Fuzzy Hash: 6afc8b3231f40cdf8cb404ed2d3d4d13493ea939576678012fe198105623b252
                                                                          • Instruction Fuzzy Hash: 8FD09231000209BFDF613FA0E90E99D3F2AEF68261B484054FA894A564CF7AD952DB84

                                                                          Control-flow Graph

                                                                          APIs
                                                                          • GetLastError.KERNEL32(011A4CD8,0000000C), ref: 010DFC02
                                                                          • ExitThread.KERNEL32 ref: 010DFC09
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1728722892.0000000000E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                          • Associated: 00000000.00000002.1728705913.0000000000E50000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1728892064.00000000010FD000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1728950462.00000000011A7000.00000008.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1728970535.00000000011AA000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1728988755.00000000011AB000.00000008.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1729005453.00000000011AD000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1729028556.00000000011B0000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_e50000_UFh7A8CImG.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorExitLastThread
                                                                          • String ID:
                                                                          • API String ID: 1611280651-0
                                                                          • Opcode ID: 77e9f166128e59ed73e5d9fe5267624c845684e431952e0c1e9b9b82a4bd8584
                                                                          • Instruction ID: 9171069e35f6f4fd90be91cd4aa4f258c74a0c9916c1f82c4b0e7b942acabf51
                                                                          • Opcode Fuzzy Hash: 77e9f166128e59ed73e5d9fe5267624c845684e431952e0c1e9b9b82a4bd8584
                                                                          • Instruction Fuzzy Hash: 13F0C2B1A00206AFDB11ABF0C809AAE3BB5EF54650F108149F49697650CF755A52CBA1

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 55 10eb6c0-10eb6c9 56 10eb6cb-10eb6de RtlFreeHeap 55->56 57 10eb6f8-10eb6f9 55->57 56->57 58 10eb6e0-10eb6f7 GetLastError call 10d83cb call 10d8468 56->58 58->57
                                                                          APIs
                                                                          • RtlFreeHeap.NTDLL(00000000,00000000,?,010D781F,?,?,00000000,00F07015,00000000), ref: 010EB6D6
                                                                          • GetLastError.KERNEL32(?,?,010D781F,?,?,00000000,00F07015,00000000), ref: 010EB6E1
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1728722892.0000000000E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                          • Associated: 00000000.00000002.1728705913.0000000000E50000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1728892064.00000000010FD000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1728950462.00000000011A7000.00000008.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1728970535.00000000011AA000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1728988755.00000000011AB000.00000008.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1729005453.00000000011AD000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1729028556.00000000011B0000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_e50000_UFh7A8CImG.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorFreeHeapLast
                                                                          • String ID:
                                                                          • API String ID: 485612231-0
                                                                          • Opcode ID: 8d701d8718a11b5eb3ce8dce5a5a855cc94658bf52e6c4d16a6fbd04bf553f0f
                                                                          • Instruction ID: 11fc5f92ec8780cc24d0b29ce9406df3373f6771879b50b8f51d9f0e81d137d5
                                                                          • Opcode Fuzzy Hash: 8d701d8718a11b5eb3ce8dce5a5a855cc94658bf52e6c4d16a6fbd04bf553f0f
                                                                          • Instruction Fuzzy Hash: B4E0C232201305AFCB222FE6F80DBD93FD9AB45792F1080A6F64C96460DF798491CB94

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 63 10eb544-10eb54f 64 10eb55d-10eb563 63->64 65 10eb551-10eb55b 63->65 67 10eb57c-10eb58d RtlAllocateHeap 64->67 68 10eb565-10eb566 64->68 65->64 66 10eb591-10eb59c call 10d8468 65->66 73 10eb59e-10eb5a0 66->73 69 10eb58f 67->69 70 10eb568-10eb56f call 10e95d2 67->70 68->67 69->73 70->66 76 10eb571-10eb57a call 10e73cf 70->76 76->66 76->67
                                                                          APIs
                                                                          • RtlAllocateHeap.NTDLL(00000008,?,?,?,00F06F94,?,00000006), ref: 010EB585
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1728722892.0000000000E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                          • Associated: 00000000.00000002.1728705913.0000000000E50000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1728892064.00000000010FD000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1728950462.00000000011A7000.00000008.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1728970535.00000000011AA000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1728988755.00000000011AB000.00000008.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1729005453.00000000011AD000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1729028556.00000000011B0000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_e50000_UFh7A8CImG.jbxd
                                                                          Similarity
                                                                          • API ID: AllocateHeap
                                                                          • String ID:
                                                                          • API String ID: 1279760036-0

                                                                          Control-flow Graph

                                                                          APIs
                                                                          • RtlAllocateHeap.NTDLL(00000000,010D8AAD,?,?,010D8F71,?,?,010D8F44,?,00000000,?,?,?,?,010D8AAD,?), ref: 010EBAD2
                                                                          Similarity
                                                                          • API ID: AllocateHeap
                                                                          • String ID:
                                                                          • API String ID: 1279760036-0
                                                                          APIs
                                                                          • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 010D8250
                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 010D825A
                                                                          • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 010D8267
                                                                          Similarity
                                                                          • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                          • String ID:
                                                                          • API String ID: 3906539128-0
                                                                          Strings
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: VUUU
                                                                          • API String ID: 0-2040033107
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:

                                                                          Control-flow Graph

                                                                          APIs
                                                                          • _ValidateLocalCookies.LIBCMT ref: 010CFF77
                                                                          • ___except_validate_context_record.LIBVCRUNTIME ref: 010CFF7F
                                                                          • _ValidateLocalCookies.LIBCMT ref: 010D0008
                                                                          • __IsNonwritableInCurrentImage.LIBCMT ref: 010D0033
                                                                          • _ValidateLocalCookies.LIBCMT ref: 010D0088
                                                                          • ___vcrt_initialize_locks.LIBVCRUNTIME ref: 010D009E
                                                                          • ___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 010D00B3
                                                                          Strings
                                                                          Similarity
                                                                          • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record___vcrt_initialize_locks___vcrt_uninitialize_locks
                                                                          • String ID: csm
                                                                          • API String ID: 1385549066-1018135373

                                                                          Control-flow Graph

                                                                          APIs
                                                                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,598EEA67,?,?,00000000,010FA230,000000FF,?,010D165F,?,?,010D1633,?), ref: 010D16B8
                                                                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 010D16CA
                                                                          • FreeLibrary.KERNEL32(00000000,?,00000000,010FA230,000000FF,?,010D165F,?,?,010D1633,?), ref: 010D16EC
                                                                          Strings
                                                                          Similarity
                                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                                          • String ID: CorExitProcess$mscoree.dll
                                                                          • API String ID: 4061214504-1276376045

                                                                          Execution Graph

                                                                          Execution Coverage:2.7%
                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                          Signature Coverage:4.6%
                                                                          Total number of Nodes:2000
                                                                          Total number of Limit Nodes:63
85793 6c9958af 14 API calls __dosmaperr 85694->85793 85695 6c994644 85770 6c9a1309 85695->85770 85699->85694 85699->85695 85703 6c99465b 85704 6c994851 85703->85704 85794 6c9a06ea 85703->85794 85785 6c991efa IsProcessorFeaturePresent 85704->85785 85707 6c99485b 85709 6c9a09c2 15 API calls 85707->85709 85708 6c99466d 85708->85704 85801 6c9a0716 85708->85801 85711 6c994867 85709->85711 85713 6c994876 85711->85713 85715 6c9945cb 45 API calls 85711->85715 85712 6c99467f 85712->85704 85714 6c994688 85712->85714 85713->85637 85716 6c99470d 85714->85716 85717 6c9946a9 85714->85717 85715->85713 85720 6c9945ea __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z __allrem 85716->85720 85809 6c9a1366 39 API calls __FrameHandler3::FrameUnwindToState 85716->85809 85717->85720 85808 6c9a1366 39 API calls __FrameHandler3::FrameUnwindToState 85717->85808 85720->85637 85722 6c99eebb 85721->85722 85723 6c99eec1 85721->85723 85752 6c9a2ab9 6 API calls _unexpected 85722->85752 85727 6c99eec5 SetLastError 85723->85727 85753 6c9a2af8 6 API calls _unexpected 85723->85753 85726 6c99eedd 85726->85727 85754 6c9a33f6 85726->85754 85727->85677 85731 6c99ef0b 85764 6c9a2af8 6 API calls _unexpected 85731->85764 85732 6c99eefa 85763 6c9a2af8 6 API calls _unexpected 85732->85763 85735 6c99ef08 85741 6c99e9b0 __freea 12 API calls 85735->85741 85736 6c99ef17 85737 6c99ef1b 85736->85737 85738 6c99ef32 85736->85738 85765 6c9a2af8 6 API calls _unexpected 85737->85765 85766 6c99eb56 14 API calls _unexpected 85738->85766 85741->85727 85742 6c99ef3d 85743 6c99e9b0 __freea 12 API calls 85742->85743 85743->85727 85744->85683 85746 6c99e9e5 85745->85746 85747 6c99e9bb HeapFree 85745->85747 85746->85678 85746->85682 85747->85746 85748 6c99e9d0 GetLastError 85747->85748 85749 6c99e9dd __dosmaperr 85748->85749 85769 6c9958af 14 API calls __dosmaperr 85749->85769 85751->85682 85752->85723 85753->85726 85755 6c9a3403 85754->85755 85756 6c9a342e HeapAlloc 85755->85756 85757 6c9a3443 85755->85757 85760 6c9a3417 _strftime 
85755->85760 85758 6c9a3441 85756->85758 85756->85760 85768 6c9958af 14 API calls __dosmaperr 85757->85768 85761 6c99eef2 85758->85761 85760->85756 85760->85757 85767 6c99d252 EnterCriticalSection LeaveCriticalSection _strftime 85760->85767 85761->85731 85761->85732 85763->85735 85764->85736 85765->85735 85766->85742 85767->85760 85768->85761 85769->85746 85771 6c9a1315 __FrameHandler3::FrameUnwindToState 85770->85771 85772 6c994649 85771->85772 85810 6c9a39c5 EnterCriticalSection 85771->85810 85778 6c9a06be 85772->85778 85774 6c9a1326 85777 6c9a133a 85774->85777 85811 6c9a1251 85774->85811 85823 6c9a135d LeaveCriticalSection __FrameHandler3::FrameUnwindToState 85777->85823 85779 6c9a06ca 85778->85779 85780 6c9a06df 85778->85780 85942 6c9958af 14 API calls __dosmaperr 85779->85942 85780->85703 85782 6c9a06cf 85943 6c991ecd 39 API calls __strnicoll 85782->85943 85784 6c9a06da 85784->85703 85786 6c991f06 85785->85786 85944 6c991cd1 85786->85944 85789->85692 85790->85720 85791->85693 85792->85720 85793->85720 85795 6c9a070b 85794->85795 85796 6c9a06f6 85794->85796 85795->85708 85950 6c9958af 14 API calls __dosmaperr 85796->85950 85798 6c9a06fb 85951 6c991ecd 39 API calls __strnicoll 85798->85951 85800 6c9a0706 85800->85708 85802 6c9a0722 85801->85802 85803 6c9a0737 85801->85803 85952 6c9958af 14 API calls __dosmaperr 85802->85952 85803->85712 85805 6c9a0727 85953 6c991ecd 39 API calls __strnicoll 85805->85953 85807 6c9a0732 85807->85712 85808->85720 85809->85720 85810->85774 85824 6c9a0da7 85811->85824 85814 6c9a12ad 85816 6c9a12aa 85814->85816 85896 6c9a10f7 85814->85896 85815 6c9a12a4 85835 6c9a0e65 85815->85835 85819 6c99e9b0 __freea 14 API calls 85816->85819 85820 6c9a12b8 85819->85820 85821 6c98e330 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 85820->85821 85822 6c9a12c5 85821->85822 85822->85777 85823->85772 85825 6c9a0dc6 _strftime 85824->85825 85826 6c9a0dcd 85825->85826 85827 
6c9a0ddb 85825->85827 85826->85814 85826->85815 85928 6c99f0df 15 API calls 2 library calls 85827->85928 85829 6c9a0de7 _strftime 85831 6c9a0dee 85829->85831 85832 6c9a0e10 85829->85832 85830 6c99e9b0 __freea 14 API calls 85833 6c9a0df4 85830->85833 85831->85830 85834 6c99e9b0 __freea 14 API calls 85832->85834 85833->85826 85834->85833 85836 6c9a0e75 _strftime 85835->85836 85837 6c9a0716 _strftime 39 API calls 85836->85837 85838 6c9a0e96 85837->85838 85839 6c9a10ec 85838->85839 85840 6c9a06be _strftime 39 API calls 85838->85840 85841 6c991efa __strnicoll 11 API calls 85839->85841 85842 6c9a0ea8 85840->85842 85843 6c9a10f6 _strftime 85841->85843 85842->85839 85844 6c9a0efe 85842->85844 85847 6c9a0f1f 85842->85847 85846 6c9a0716 _strftime 39 API calls 85843->85846 85929 6c99f0df 15 API calls 2 library calls 85844->85929 85849 6c9a1124 85846->85849 85847->85816 85848 6c9a0f0f 85850 6c9a0f16 85848->85850 85851 6c9a0f24 85848->85851 85853 6c9a1246 85849->85853 85856 6c9a06be _strftime 39 API calls 85849->85856 85854 6c99e9b0 __freea 14 API calls 85850->85854 85852 6c99e9b0 __freea 14 API calls 85851->85852 85855 6c9a0f2f 85852->85855 85857 6c991efa __strnicoll 11 API calls 85853->85857 85858 6c9a0f1e 85854->85858 85930 6c9a3cf9 39 API calls 2 library calls 85855->85930 85859 6c9a1136 85856->85859 85860 6c9a1250 85857->85860 85858->85847 85859->85853 85863 6c9a06ea _strftime 39 API calls 85859->85863 85861 6c9a0da7 _strftime 15 API calls 85860->85861 85864 6c9a128a 85861->85864 85865 6c9a1148 85863->85865 85866 6c9a12ad 85864->85866 85869 6c9a12a4 85864->85869 85865->85853 85868 6c9a1151 85865->85868 85870 6c9a12aa 85866->85870 85871 6c9a10f7 _strftime 44 API calls 85866->85871 85867 6c9a10ce _strftime 85867->85839 85872 6c99e9b0 __freea 14 API calls 85868->85872 85873 6c9a0e65 _strftime 44 API calls 85869->85873 85874 6c99e9b0 __freea 14 API calls 85870->85874 85871->85870 85875 6c9a115c GetTimeZoneInformation 85872->85875 85873->85870 85876 6c9a12b8 85874->85876 85881 
6c9a1220 _strftime 85875->85881 85883 6c9a1178 __FrameHandler3::FrameUnwindToState 85875->85883 85877 6c98e330 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 85876->85877 85878 6c9a12c5 85877->85878 85878->85816 85879 6c9a0f56 __FrameHandler3::FrameUnwindToState 85879->85867 85931 6c9a0e1e 45 API calls 5 library calls 85879->85931 85881->85816 85882 6c9a0fa6 85932 6c998645 40 API calls 2 library calls 85882->85932 85936 6c9a6c84 39 API calls 2 library calls 85883->85936 85886 6c9a11fb 85937 6c9a12c7 45 API calls 3 library calls 85886->85937 85888 6c9a120c 85938 6c9a12c7 45 API calls 3 library calls 85888->85938 85890 6c9a0fda 85891 6c9a106c 85890->85891 85933 6c998645 40 API calls 2 library calls 85890->85933 85891->85867 85935 6c9a0e1e 45 API calls 5 library calls 85891->85935 85894 6c9a1017 85894->85891 85934 6c998645 40 API calls 2 library calls 85894->85934 85897 6c9a1107 _strftime 85896->85897 85898 6c9a0716 _strftime 39 API calls 85897->85898 85899 6c9a1124 85898->85899 85900 6c9a1246 85899->85900 85901 6c9a06be _strftime 39 API calls 85899->85901 85902 6c991efa __strnicoll 11 API calls 85900->85902 85903 6c9a1136 85901->85903 85904 6c9a1250 85902->85904 85903->85900 85906 6c9a06ea _strftime 39 API calls 85903->85906 85905 6c9a0da7 _strftime 15 API calls 85904->85905 85907 6c9a128a 85905->85907 85908 6c9a1148 85906->85908 85909 6c9a12ad 85907->85909 85911 6c9a12a4 85907->85911 85908->85900 85910 6c9a1151 85908->85910 85912 6c9a12aa 85909->85912 85913 6c9a10f7 _strftime 44 API calls 85909->85913 85914 6c99e9b0 __freea 14 API calls 85910->85914 85915 6c9a0e65 _strftime 44 API calls 85911->85915 85916 6c99e9b0 __freea 14 API calls 85912->85916 85913->85912 85917 6c9a115c GetTimeZoneInformation 85914->85917 85915->85912 85918 6c9a12b8 85916->85918 85921 6c9a1220 _strftime 85917->85921 85922 6c9a1178 __FrameHandler3::FrameUnwindToState 85917->85922 85919 6c98e330 
__ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 85918->85919 85920 6c9a12c5 85919->85920 85920->85816 85921->85816 85939 6c9a6c84 39 API calls 2 library calls 85922->85939 85924 6c9a11fb 85940 6c9a12c7 45 API calls 3 library calls 85924->85940 85926 6c9a120c 85941 6c9a12c7 45 API calls 3 library calls 85926->85941 85928->85829 85929->85848 85930->85879 85931->85882 85932->85890 85933->85894 85934->85891 85935->85867 85936->85886 85937->85888 85938->85881 85939->85924 85940->85926 85941->85921 85942->85782 85943->85784 85945 6c991ced __FrameHandler3::FrameUnwindToState 85944->85945 85946 6c991d19 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 85945->85946 85949 6c991dea __FrameHandler3::FrameUnwindToState 85946->85949 85947 6c98e330 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 85948 6c991e08 GetCurrentProcess TerminateProcess 85947->85948 85948->85707 85949->85947 85950->85798 85951->85800 85952->85805 85953->85807 85954->85646 85955->85645 85978 6c994a31 85956->85978 85959 6c994bc4 85986 6c9958af 14 API calls __dosmaperr 85959->85986 85961 6c994bc9 85987 6c991ecd 39 API calls __strnicoll 85961->85987 85962 6c994bd9 85988 6c9949f7 17 API calls _strftime 85962->85988 85965 6c994bf8 85966 6c994bff 85965->85966 85967 6c994c60 85965->85967 85989 6c99f0df 15 API calls 2 library calls 85966->85989 85968 6c971d4f 85967->85968 85970 6c99e9b0 __freea 14 API calls 85967->85970 85968->85651 85970->85968 85971 6c994c09 85972 6c994c4c 85971->85972 85990 6c9a25d3 48 API calls 3 library calls 85971->85990 85973 6c99e9b0 __freea 14 API calls 85972->85973 85975 6c994c5e 85973->85975 85975->85967 85976 6c994c23 85976->85972 85991 6c994a14 17 API calls _strftime 85976->85991 85979 6c994a4f 85978->85979 85985 6c994a48 85978->85985 85979->85985 85992 6c99ed54 GetLastError 85979->85992 85983 6c994a86 
86020 6c99f45d 39 API calls __strnicoll 85983->86020 85985->85959 85985->85962 85986->85961 85987->85968 85988->85965 85989->85971 85990->85976 85991->85972 85993 6c99ed6a 85992->85993 85994 6c99ed70 85992->85994 86021 6c9a2ab9 6 API calls _unexpected 85993->86021 85998 6c99ed74 SetLastError 85994->85998 86022 6c9a2af8 6 API calls _unexpected 85994->86022 85997 6c99ed8c 85997->85998 86000 6c9a33f6 _unexpected 14 API calls 85997->86000 86002 6c99ee09 85998->86002 86003 6c994a70 85998->86003 86001 6c99eda1 86000->86001 86004 6c99eda9 86001->86004 86005 6c99edba 86001->86005 86027 6c99e8d8 39 API calls __FrameHandler3::FrameUnwindToState 86002->86027 86019 6c99f3ff 39 API calls __strnicoll 86003->86019 86023 6c9a2af8 6 API calls _unexpected 86004->86023 86024 6c9a2af8 6 API calls _unexpected 86005->86024 86010 6c99edb7 86015 6c99e9b0 __freea 14 API calls 86010->86015 86011 6c99edc6 86012 6c99edca 86011->86012 86013 6c99ede1 86011->86013 86025 6c9a2af8 6 API calls _unexpected 86012->86025 86026 6c99eb56 14 API calls _unexpected 86013->86026 86015->85998 86017 6c99edec 86018 6c99e9b0 __freea 14 API calls 86017->86018 86018->85998 86019->85983 86020->85985 86021->85994 86022->85997 86023->86010 86024->86011 86025->86010 86026->86017 86029 6c99459e __strnicoll 86028->86029 86034 6c991f94 86029->86034 86035 6c991fc0 86034->86035 86036 6c991fe3 86034->86036 86051 6c991e50 29 API calls __strnicoll 86035->86051 86036->86035 86040 6c991feb 86036->86040 86038 6c991fd8 86039 6c98e330 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 86038->86039 86041 6c992106 86039->86041 86052 6c993165 44 API calls 2 library calls 86040->86052 86045 6c991c09 86041->86045 86043 6c99206c 86053 6c992c6c 14 API calls __freea 86043->86053 86046 6c991c15 86045->86046 86049 6c991c2c 86046->86049 86054 6c991cb4 39 API calls 2 library calls 86046->86054 86048 6c964b17 86048->85655 86049->86048 86055 6c991cb4 39 API calls 2 
library calls 86049->86055 86051->86038 86052->86043 86053->86038 86054->86049 86055->86048 86058 6c9954f1 __FrameHandler3::FrameUnwindToState 86056->86058 86057 6c9954d3 86057->85663 86058->86057 86059 6c995532 86058->86059 86061 6c995578 86058->86061 86096 6c991e50 29 API calls __strnicoll 86059->86096 86067 6c9a2f06 EnterCriticalSection 86061->86067 86063 6c99557e 86064 6c99559c 86063->86064 86068 6c9955f6 86063->86068 86097 6c9955ee LeaveCriticalSection ___scrt_uninitialize_crt 86064->86097 86067->86063 86071 6c99561e 86068->86071 86091 6c995641 ___scrt_uninitialize_crt 86068->86091 86069 6c995622 86112 6c991e50 29 API calls __strnicoll 86069->86112 86071->86069 86072 6c99567d 86071->86072 86073 6c99569b 86072->86073 86113 6c9a322f 41 API calls ___scrt_uninitialize_crt 86072->86113 86098 6c99513b 86073->86098 86077 6c9956fa 86079 6c99570e 86077->86079 86080 6c995763 WriteFile 86077->86080 86078 6c9956b3 86081 6c9956bb 86078->86081 86082 6c9956e2 86078->86082 86083 6c99574f 86079->86083 86084 6c995716 86079->86084 86085 6c995785 GetLastError 86080->86085 86095 6c9956f5 86080->86095 86081->86091 86114 6c9950d3 6 API calls ___scrt_uninitialize_crt 86081->86114 86115 6c994d0c 45 API calls 4 library calls 86082->86115 86105 6c9951b8 86083->86105 86087 6c99573b 86084->86087 86088 6c99571b 86084->86088 86085->86095 86117 6c99537c 8 API calls 3 library calls 86087->86117 86088->86091 86092 6c995724 86088->86092 86091->86064 86116 6c995293 7 API calls 2 library calls 86092->86116 86095->86091 86096->86057 86097->86057 86118 6c9a2d62 86098->86118 86100 6c9951b1 86100->86077 86100->86078 86101 6c99517b 86101->86100 86104 6c995195 GetConsoleMode 86101->86104 86102 6c99514d 86102->86100 86102->86101 86127 6c9941f0 39 API calls 2 library calls 86102->86127 86104->86100 86109 6c9951c7 ___scrt_uninitialize_crt 86105->86109 86106 6c995278 86107 6c98e330 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API 
calls 86106->86107 86109->86106 86110 6c995237 WriteFile 86109->86110 86110->86109 86112->86091 86113->86073 86114->86091 86115->86095 86116->86091 86117->86095 86119 6c9a2d6f 86118->86119 86120 6c9a2d7c 86118->86120 86128 6c9958af 14 API calls __dosmaperr 86119->86128 86122 6c9a2d88 86120->86122 86129 6c9958af 14 API calls __dosmaperr 86120->86129 86122->86102 86124 6c9a2d74 86124->86102 86125 6c9a2da9 86130 6c991ecd 39 API calls __strnicoll 86125->86130 86127->86101 86128->86124 86129->86125 86130->86124 86131->85674 86132 6ce91000 86141 6ce932fd 86132->86141 86134 6ce9101b 86135 6ce9108f VirtualAlloc 86134->86135 86136 6ce910bd 86135->86136 86147 6ce9223b 86136->86147 86138 6ce910d8 86139 6ce9114b VirtualProtect 86138->86139 86140 6ce91162 86138->86140 86139->86138 86142 6ce93308 86141->86142 86153 6ce93186 86142->86153 86144 6ce933c8 86157 6ce93082 86144->86157 86146 6ce93434 86146->86134 86151 6ce9224d 86147->86151 86148 6ce9228c 86148->86138 86149 6ce922be GetModuleHandleA 86150 6ce922d9 LoadLibraryA 86149->86150 86149->86151 86150->86151 86151->86148 86151->86149 86152 6ce92362 GetProcAddress 86151->86152 86152->86151 86154 6ce93191 86153->86154 86155 6ce931a1 GetFileAttributesW 86154->86155 86156 6ce931b5 86155->86156 86156->86144 86158 6ce9308d 86157->86158 86159 6ce930f7 CreateFileW 86158->86159 86160 6ce93121 SetFilePointerEx 86159->86160 86163 6ce9311d 86159->86163 86161 6ce9314a GlobalAlloc ReadFile 86160->86161 86160->86163 86162 6ce9317b CloseHandle 86161->86162 86161->86163 86162->86163 86163->86146 86164 6c9d4cf0 86165 6c9d4d49 86164->86165 86166 6c9d4cf9 86164->86166 86167 6c9d4d05 lstrlen 86166->86167 86168 6c9d4d4c DialogBoxParamA 86167->86168 86169 6c9d4d1a lstrlen 86167->86169 86168->86165 86169->86168 86170 6c9d4d2f 86169->86170 86173 6c9d2382 59 API calls 86170->86173 86172 6c9d4d45 86172->86165 86173->86172 86174 6c9612b8 86175 6c9612dc caerDeviceOpen caerDeviceConfigSet 86174->86175 86176 6c96160a 86174->86176 86178 6c961313 
caerDeviceDataGet 86175->86178 86177 6c98e330 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 86176->86177 86180 6c961618 86177->86180 86178->86178 86179 6c961321 caerDeviceClose 86178->86179 86233 6c96162c 86179->86233 86187 6c9613d4 GetModuleFileNameW 86188 6c961405 86187->86188 86245 6c9618a6 86188->86245 86190 6c96138a 86285 6c98e110 76 API calls 86190->86285 86193 6c96139f 86286 6c98e140 76 API calls 86193->86286 86194 6c96145d 86252 6c96166d 86194->86252 86197 6c9613ba 86287 6c98e020 76 API calls 86197->86287 86199 6c9614b3 86256 6c961a2d 86199->86256 86200 6c96161c 86274 6c961147 86200->86274 86204 6c9613c3 86288 6c98e0b0 76 API calls 86204->86288 86206 6c9614da 86260 6c961743 86206->86260 86208 6c9613ca 86289 6c98e050 76 API calls 86208->86289 86212 6c9614e8 86214 6c96166d 39 API calls 86212->86214 86213 6c9613d1 86213->86187 86215 6c9614f2 86214->86215 86216 6c9618a6 78 API calls 86215->86216 86217 6c961533 86216->86217 86264 6c9611fb 86217->86264 86220 6c961555 86270 6c96164e 86220->86270 86222 6c96164e 39 API calls 86222->86220 86224 6c961593 LoadLibraryW 86226 6c9615b0 __InternalCxxFrameHandler __FrameHandler3::FrameUnwindToState 86224->86226 86227 6c9615d4 EnumWindows 86226->86227 86228 6c96166d 39 API calls 86227->86228 86229 6c9615e8 86228->86229 86230 6c96164e 39 API calls 86229->86230 86231 6c9615f1 86230->86231 86231->86176 86291 6c9619ba 39 API calls __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 86231->86291 86234 6c961635 86233->86234 86235 6c961335 86233->86235 86292 6c9619ba 39 API calls __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 86234->86292 86237 6c961698 86235->86237 86238 6c9616de 86237->86238 86240 6c961361 86237->86240 86293 6c961930 78 API calls 86238->86293 86241 6c98e080 86240->86241 86242 6c98e089 86241->86242 
86244 6c96136d 86241->86244 86294 6c98e170 86242->86294 86244->86187 86284 6c98e110 76 API calls 86244->86284 86246 6c9618c1 86245->86246 86247 6c96192a 86245->86247 86251 6c9618c8 __InternalCxxFrameHandler 86246->86251 86312 6c961acd 41 API calls Concurrency::cancel_current_task 86246->86312 86248 6c961147 78 API calls 86247->86248 86249 6c96192f 86248->86249 86251->86194 86253 6c961466 SetCurrentDirectoryW LoadLibraryW 86252->86253 86254 6c961678 86252->86254 86253->86199 86253->86200 86313 6c9619ba 39 API calls __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 86254->86313 86257 6c961a62 86256->86257 86259 6c961a84 __InternalCxxFrameHandler 86256->86259 86314 6c961acd 41 API calls Concurrency::cancel_current_task 86257->86314 86259->86206 86261 6c96175d __InternalCxxFrameHandler 86260->86261 86262 6c961788 86260->86262 86261->86212 86315 6c9617cc 78 API calls __InternalCxxFrameHandler 86262->86315 86316 6c961afe 86264->86316 86266 6c961266 CreateFileW SetFilePointer ReadFile CloseHandle 86268 6c98e330 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 86266->86268 86267 6c961234 __FrameHandler3::FrameUnwindToState 86267->86266 86269 6c9612b6 86268->86269 86269->86220 86269->86222 86271 6c961657 86270->86271 86272 6c96157a 86270->86272 86334 6c9619ba 39 API calls __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 86271->86334 86272->86224 86290 6c9619ba 39 API calls __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 86272->86290 86335 6c98e310 86274->86335 86284->86190 86285->86193 86286->86197 86287->86204 86288->86208 86289->86213 86290->86224 86291->86176 86292->86235 86293->86240 86295 6c98e218 GetProcAddress 86294->86295 86298 6c98e17f 86294->86298 86296 6c98e22a GetLastError 
FormatMessageA 86295->86296 86304 6c98e266 86295->86304 86297 6c98e25d 86296->86297 86311 6c98dff0 70 API calls 86297->86311 86299 6c98e190 LoadLibraryA 86298->86299 86300 6c98e1df 86298->86300 86299->86300 86302 6c98e1a7 GetLastError FormatMessageA 86299->86302 86300->86295 86303 6c98e1f8 86300->86303 86305 6c98e1d6 86302->86305 86310 6c98dff0 70 API calls 86303->86310 86304->86244 86309 6c98dff0 70 API calls 86305->86309 86308 6c98e211 86308->86244 86309->86300 86310->86308 86311->86304 86312->86251 86313->86253 86314->86259 86315->86261 86317 6c9610d0 Concurrency::cancel_current_task 86316->86317 86318 6c961b0f 86316->86318 86330 6c990557 RaiseException 86317->86330 86332 6c9610d0 41 API calls 5 library calls 86318->86332 86320 6c961b15 86322 6c961b1c 86320->86322 86333 6c991e19 39 API calls __strnicoll 86320->86333 86322->86267 86323 6c9610ec 86331 6c961040 40 API calls ___std_exception_copy 86323->86331 86326 6c9610fb 86326->86267 86327 6c991eec 86328 6c991efa __strnicoll 11 API calls 86327->86328 86329 6c991ef9 86328->86329 86330->86323 86331->86326 86332->86320 86333->86327 86334->86272 86340 6c98e2d6 40 API calls std::exception::exception 86335->86340 86337 6c98e321 86341 6c990557 RaiseException 86337->86341 86339 6c98e32f 86340->86337 86341->86339 86342 6ce955fc 86343 6ce95590 86342->86343 86344 6ce95605 VirtualAlloc 86343->86344 86345 6ce9561c 86344->86345 86346 6c98b3c0 86420 6c9958af 14 API calls __dosmaperr 86346->86420 86348 6c98b3fc __FrameHandler3::FrameUnwindToState 86421 6c965880 86348->86421 86350 6c98b418 86351 6c98b41c 86350->86351 86352 6c98b44d 86350->86352 86504 6c98a8c0 caerLogVAFull 86351->86504 86461 6c965670 74 API calls 86352->86461 86355 6c98b42a 86505 6c9958af 14 API calls __dosmaperr 86355->86505 86357 6c98b432 86358 6c98e330 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 86357->86358 86361 6c98b449 86358->86361 86359 6c98b45c 86362 6c98b48c 
86359->86362 86506 6c9656e0 75 API calls 86359->86506 86462 6c964c70 86362->86462 86364 6c98baec 86365 6c98bb1a 86364->86365 86366 6c98baf7 86364->86366 86478 6c965bf0 86365->86478 86525 6c9958af 14 API calls __dosmaperr 86366->86525 86371 6c98baff 86373 6c98e330 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 86371->86373 86372 6c98bb22 86526 6c9958af 14 API calls __dosmaperr 86372->86526 86375 6c98bb16 86373->86375 86376 6c98bb2e 86377 6c98bb38 86376->86377 86527 6c9958af 14 API calls __dosmaperr 86376->86527 86528 6c9958af 14 API calls __dosmaperr 86377->86528 86380 6c98bb43 86381 6c98bb4d 86380->86381 86529 6c9958af 14 API calls __dosmaperr 86380->86529 86383 6c98e330 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 86381->86383 86384 6c98bb64 86383->86384 86386 6c964b30 44 API calls 86392 6c98b4fd __InternalCxxFrameHandler 86386->86392 86387 6c98ba2f 86516 6c98a8c0 caerLogVAFull 86387->86516 86392->86364 86392->86386 86392->86387 86393 6c964fc0 104 API calls 86392->86393 86394 6c98ba68 86392->86394 86396 6c98a8c0 caerLogVAFull 86392->86396 86398 6c9958af 14 API calls __dosmaperr 86392->86398 86401 6c98bac6 86392->86401 86403 6c98ba56 86392->86403 86405 6c98ba2a 86392->86405 86406 6c9637d0 179 API calls 86392->86406 86407 6c98b8b9 CreateMutexA 86392->86407 86408 6c965570 77 API calls 86392->86408 86411 6c98ba7a 86392->86411 86414 6c98ba8c 86392->86414 86507 6c9645d0 74 API calls 86392->86507 86508 6c964ed0 87 API calls 2 library calls 86392->86508 86509 6c964760 179 API calls __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 86392->86509 86510 6c965350 179 API calls 86392->86510 86511 6c965460 74 API calls 86392->86511 86512 6c9654c0 76 API calls 86392->86512 86393->86392 86518 6c98a8c0 caerLogVAFull 86394->86518 86396->86392 
86398->86392 86400 6c98ba4e 86523 6c9958af 14 API calls __dosmaperr 86400->86523 86522 6c98a8c0 caerLogVAFull 86401->86522 86517 6c98a8c0 caerLogVAFull 86403->86517 86524 6c964db0 83 API calls ___vcrt_freefls@4 86405->86524 86406->86392 86417 6c98b8d0 86407->86417 86419 6c98baab 86407->86419 86408->86392 86519 6c98a8c0 caerLogVAFull 86411->86519 86520 6c98a8c0 caerLogVAFull 86414->86520 86416 6c98ba9e 86521 6c98a8c0 caerLogVAFull 86416->86521 86417->86392 86417->86416 86513 6c965570 77 API calls 86417->86513 86514 6c964fc0 104 API calls ___vcrt_freefls@4 86417->86514 86515 6c9958af 14 API calls __dosmaperr 86417->86515 86419->86405 86420->86348 86422 6c965890 86421->86422 86423 6c9658c3 86422->86423 86424 6c9658b1 SleepEx 86422->86424 86425 6c9658fc 86423->86425 86426 6c9658cf 86423->86426 86424->86423 86424->86424 86427 6c965922 86425->86427 86429 6c965910 SleepEx 86425->86429 86428 6c966050 74 API calls 86426->86428 86435 6c965949 __FrameHandler3::FrameUnwindToState 86427->86435 86577 6c967600 QueryPerformanceFrequency QueryPerformanceCounter __aulldiv __aullrem 86427->86577 86430 6c9658e6 86428->86430 86429->86427 86429->86429 86430->86350 86432 6c965963 86432->86350 86433 6c96599e InitializeCriticalSection InitializeCriticalSection 86442 6c9659f7 86433->86442 86435->86432 86435->86433 86578 6c998315 42 API calls __strnicoll 86435->86578 86437 6c965a37 86438 6c965a67 86437->86438 86440 6c966050 74 API calls 86437->86440 86530 6c966050 86438->86530 86439 6c9656e0 75 API calls 86439->86442 86440->86438 86442->86437 86442->86439 86445 6c965b54 DeleteCriticalSection DeleteCriticalSection 86442->86445 86450 6c991ba6 ___vcrt_freefls@4 14 API calls 86445->86450 86446 6c965a96 86446->86445 86448 6c965ac3 86446->86448 86449 6c965ab1 SleepEx 86446->86449 86533 6c966e10 86448->86533 86449->86448 86449->86449 86452 6c965b87 86450->86452 86452->86350 86454 6c965afb 86456 6c965b22 86454->86456 86457 6c965b10 SleepEx 86454->86457 86455 6c965bd8 86455->86350 86580 6c961d30 
86456->86580 86457->86456 86457->86457 86459 6c965b9d 86459->86455 86460 6c966050 74 API calls 86459->86460 86460->86455 86461->86359 86463 6c991f2e ___std_exception_copy 15 API calls 86462->86463 86464 6c964c78 86463->86464 86465 6c966050 74 API calls 86464->86465 86468 6c964ca7 86465->86468 86466 6c964cb1 86466->86392 86467 6c964cee 86839 6c96a3d0 86467->86839 86922 6c96ac45 86467->86922 86976 6c96aa1e SetupDiGetDeviceRegistryPropertyA 86467->86976 86468->86466 86468->86467 86469 6c966050 74 API calls 86468->86469 86469->86467 86470 6c964d8f 86471 6c991ba6 ___vcrt_freefls@4 14 API calls 86470->86471 86473 6c964d95 86471->86473 86473->86392 86474 6c964d0f __FrameHandler3::FrameUnwindToState 86474->86470 86474->86473 87053 6c964e10 83 API calls ___vcrt_freefls@4 86474->87053 86479 6c965c23 86478->86479 86480 6c965c0c 86478->86480 86482 6c965c86 86479->86482 86483 6c965c2b 86479->86483 86481 6c965c10 SleepEx 86480->86481 86481->86479 86481->86481 86485 6c966050 74 API calls 86482->86485 86484 6c965c33 86483->86484 86486 6c965c6b 86483->86486 86487 6c966050 74 API calls 86484->86487 86490 6c965c7e 86485->86490 86488 6c966050 74 API calls 86486->86488 86489 6c965c46 86487->86489 86488->86490 86489->86372 86491 6c965cb0 SleepEx 86490->86491 86493 6c965cc3 86490->86493 86491->86491 86491->86493 87316 6c967020 PostQueuedCompletionStatus 86493->87316 86495 6c961d30 89 API calls 86496 6c965d33 86495->86496 86497 6c965d70 86496->86497 86499 6c966050 74 API calls 86496->86499 86498 6c965d8d DeleteCriticalSection DeleteCriticalSection 86497->86498 86500 6c966050 74 API calls 86497->86500 86501 6c991ba6 ___vcrt_freefls@4 14 API calls 86498->86501 86499->86496 86502 6c965d8a 86500->86502 86503 6c965da5 86501->86503 86502->86498 86503->86372 86504->86355 86505->86357 86506->86362 86507->86392 86508->86392 86509->86392 86510->86392 86511->86392 86512->86392 86513->86417 86514->86417 86515->86417 86516->86400 86517->86405 86518->86400 86519->86405 86520->86405 86521->86419 
API calls 2 library calls 87476->87944 87482 6c9d277b 87477->87482 87483 6c9d2750 87477->87483 87478 6c9d2c98 87719 6c9d18e6 SendDlgItemMessageA 87478->87719 87479->87452 87479->87475 87490 6c9d2926 87479->87490 87481 6c9d29ce 87481->87449 87957 6c9d1708 IsDlgButtonChecked 87481->87957 87937 6c9d1809 29 API calls 2 library calls 87482->87937 87486 6c9d15b6 28 API calls 87483->87486 87495 6c9d275c 87486->87495 87488 6c9d2ca3 87720 6c9d18e6 SendDlgItemMessageA 87488->87720 87949 6c9d4415 56 API calls __EH_prolog3_GS 87490->87949 87491 6c9d283a 87945 6c9d2054 28 API calls __EH_prolog3 87491->87945 87493 6c9d2975 87493->87481 87494 6c9d29a3 87493->87494 87952 6c9d4288 58 API calls __EH_prolog3_GS 87493->87952 87494->87449 87953 6c9d41d7 87494->87953 87934 6c9d189c SetDlgItemTextA 87495->87934 87496 6c9d27a6 87938 6c9d2054 28 API calls __EH_prolog3 87496->87938 87501 6c9d2cae 87506 6c9d2d23 87501->87506 87509 6c9d195a 2 API calls 87501->87509 87504 6c9d27ad 87939 6c9d1e97 45 API calls 87504->87939 87505 6c9d2841 87525 6c9d284e 87505->87525 87946 6c9d216c 28 API calls 87505->87946 87519 6c9d2d40 87506->87519 87721 6c9d1905 GetDlgItem KiUserCallbackDispatcher 87506->87721 87516 6c9d2cc6 87509->87516 87510 6c9d15b6 28 API calls 87514 6c9d29c9 87510->87514 87512 6c9d29f4 87512->87449 87513 6c9d2a2a 87512->87513 87958 6c9d4288 58 API calls __EH_prolog3_GS 87512->87958 87513->87449 87959 6c9d1809 29 API calls 2 library calls 87513->87959 87956 6c9d1dd4 52 API calls __EH_prolog3 87514->87956 87515 6c9d27b8 87523 6c9d27c1 GetDlgItem SetFocus 87515->87523 87524 6c9d27e2 lstrcpy 87515->87524 87520 6c9d195a 2 API calls 87516->87520 87722 6c9d1977 87519->87722 87531 6c9d2ccc 87520->87531 87521 6c9d2a4a 87960 6c9d1353 26 API calls 87521->87960 87940 6c9d111e 87523->87940 87530 6c9d111e 26 API calls 87524->87530 87533 6c9d111e 26 API calls 87525->87533 87530->87476 87972 6c9d169d GetWindowRect GetDlgItem 87531->87972 87538 6c9d2881 lstrcpy 87533->87538 87537 6c9d2a56 87541 6c9d111e 
26 API calls 87537->87541 87542 6c9d111e 26 API calls 87538->87542 87539 6c9d2d55 87543 6c9d195a 2 API calls 87539->87543 87540 6c9d2cd6 87973 6c9d169d GetWindowRect GetDlgItem 87540->87973 87545 6c9d2a5e 87541->87545 87542->87452 87546 6c9d2d5f 87543->87546 87548 6c9d2ad8 87545->87548 87961 6c9d20aa 41 API calls 87545->87961 87549 6c9d195a 2 API calls 87546->87549 87547 6c9d2ced GetDlgItem SetWindowPos 87547->87506 87551 6c9d41d7 2 API calls 87548->87551 87552 6c9d2d69 87549->87552 87553 6c9d2afa 87551->87553 87555 6c9d1977 2 API calls 87552->87555 87556 6c9d15b6 28 API calls 87553->87556 87554 6c9d2a70 87554->87548 87559 6c9d41d7 2 API calls 87554->87559 87557 6c9d2d73 87555->87557 87558 6c9d2b02 87556->87558 87562 6c9d2d90 87557->87562 87729 6c9d1905 GetDlgItem KiUserCallbackDispatcher 87557->87729 87968 6c9d1d91 52 API calls __EH_prolog3 87558->87968 87560 6c9d2a8a 87559->87560 87563 6c9d15b6 28 API calls 87560->87563 87565 6c9d195a 2 API calls 87562->87565 87566 6c9d2a92 87563->87566 87567 6c9d2d9a 87565->87567 87962 6c9d1dd4 52 API calls __EH_prolog3 87566->87962 87570 6c9d195a 2 API calls 87567->87570 87569 6c9d2a97 87569->87449 87963 6c9d13fa 87569->87963 87571 6c9d2da4 87570->87571 87572 6c9d195a 2 API calls 87571->87572 87575 6c9d2dae 87572->87575 87574 6c9d2ab6 87967 6c9e0cf5 41 API calls 87574->87967 87576 6c9d195a 2 API calls 87575->87576 87581 6c9d2db9 87576->87581 87578 6c9d2acb 87579 6c9d111e 26 API calls 87578->87579 87579->87548 87580 6c9d2dd0 87583 6c9d2ddc CheckDlgButton 87580->87583 87584 6c9d2df9 87580->87584 87581->87580 87730 6c9d1999 87581->87730 87588 6c9d1977 2 API calls 87583->87588 87585 6c9d2e9d 87584->87585 87586 6c9d2e0b 87584->87586 87590 6c9d1999 2 API calls 87585->87590 87589 6c9d2e1f 87586->87589 87593 6c9d1999 2 API calls 87586->87593 87587 6c9d2dc9 87974 6c9d1905 GetDlgItem KiUserCallbackDispatcher 87587->87974 87592 6c9d2df4 87588->87592 87594 6c9d2e99 CheckDlgButton 87589->87594 87596 6c9d2e6a 87589->87596 87601 6c9d41d7 2 
API calls 87589->87601 87595 6c9d2ea4 87590->87595 87598 6c9d30ca 87592->87598 87602 6c9d1999 2 API calls 87592->87602 87593->87589 87594->87592 87600 6c9d2ee7 87594->87600 87976 6c9d1905 GetDlgItem KiUserCallbackDispatcher 87595->87976 87596->87594 87609 6c9d1999 2 API calls 87596->87609 87603 6c9d30df 87598->87603 87604 6c9d30d8 87598->87604 87605 6c9d1977 2 API calls 87600->87605 87606 6c9d2e49 87601->87606 87610 6c9d3067 87602->87610 87608 6c9d195a 2 API calls 87603->87608 87733 6c9d31c2 87604->87733 87612 6c9d2ef1 87605->87612 87614 6c9d15b6 28 API calls 87606->87614 87611 6c9d30e9 87608->87611 87613 6c9d2e83 87609->87613 87615 6c9d1999 2 API calls 87610->87615 87620 6c9d195a 2 API calls 87611->87620 87617 6c9d2fc9 87612->87617 87618 6c9d2f03 87612->87618 87621 6c9d1999 2 API calls 87613->87621 87619 6c9d2e51 87614->87619 87622 6c9d3071 87615->87622 87616 6c9d30dd 87777 6c9d33b9 87616->87777 87983 6c9d19b6 GetDlgItem ShowWindow 87617->87983 87977 6c9d19b6 GetDlgItem ShowWindow 87618->87977 87628 6c9d189c 27 API calls 87619->87628 87623 6c9d30f3 87620->87623 87626 6c9d2e8e 87621->87626 87987 6c9d1905 GetDlgItem KiUserCallbackDispatcher 87622->87987 87634 6c9d195a 2 API calls 87623->87634 87635 6c9d1999 2 API calls 87626->87635 87633 6c9d2e5c 87628->87633 87630 6c9d3078 87988 6c9d1905 GetDlgItem KiUserCallbackDispatcher 87630->87988 87631 6c9d2fc7 87984 6c9d18c6 SendDlgItemMessageA 87631->87984 87632 6c9d2f0d 87978 6c9d18c6 SendDlgItemMessageA 87632->87978 87642 6c9d1999 2 API calls 87633->87642 87638 6c9d30fd 87634->87638 87635->87594 87647 6c9d195a 2 API calls 87638->87647 87646 6c9d2e63 87642->87646 87643 6c9d307f 87643->87598 87653 6c9d15b6 28 API calls 87643->87653 87644 6c9d2fe0 87649 6c9d2ffa 87644->87649 87650 6c9d2ff3 87644->87650 87645 6c9d2f1a 87979 6c9d18c6 SendDlgItemMessageA 87645->87979 87975 6c9d1905 GetDlgItem KiUserCallbackDispatcher 87646->87975 87647->87616 87656 6c9d1977 2 API calls 87649->87656 87985 6c9d19b6 GetDlgItem ShowWindow 
87650->87985 87657 6c9d309d 87653->87657 87655 6c9d2f25 87980 6c9d1905 GetDlgItem KiUserCallbackDispatcher 87655->87980 87660 6c9d2ff8 87656->87660 87659 6c9d189c 27 API calls 87657->87659 87661 6c9d30a3 87659->87661 87660->87592 87986 6c9d1905 GetDlgItem KiUserCallbackDispatcher 87660->87986 87661->87598 87989 6c9d18e6 SendDlgItemMessageA 87661->87989 87663 6c9d2f49 87981 6c9d1905 GetDlgItem KiUserCallbackDispatcher 87663->87981 87666 6c9d3032 87681->87400 87683 6c9d16df 87682->87683 87684 6c9d1701 87682->87684 87685 6c9d16e4 GetDlgItem KiUserCallbackDispatcher 87683->87685 87684->87408 87929 6c9d1708 IsDlgButtonChecked 87684->87929 87685->87684 87685->87685 87687 6c9d1c45 BuildCatchObjectHelperInternal 87686->87687 87690 6c9d1bf3 87686->87690 87687->87388 87688 6c9d1cb0 87995 6c9d1cb6 28 API calls std::_Xinvalid_argument 87688->87995 87690->87688 87691 6c9d1c24 87690->87691 87993 6c9d10f2 26 API calls _Deallocate 87690->87993 87691->87687 87691->87688 87694 6c9d1c3c 87691->87694 87994 6c9d14dc 28 API calls 87694->87994 87697 6c9d1ba8 87696->87697 87698 6c9d1bb8 87696->87698 87996 6c9d10f2 26 API calls _Deallocate 87697->87996 87700 6c9d1a45 87698->87700 87701 6c9d1a8c 87700->87701 87702 6c9d1a4e GetModuleHandleA CreateWindowExA SetWindowPos 87700->87702 87703 6c9d1631 GetWindowRect GetSystemMetrics GetSystemMetrics SetWindowPos 87701->87703 87702->87701 87997 6c9d5637 87703->87997 87705 6c9d169b KiUserCallbackDispatcher 87705->87415 87705->87416 87707 6c9d15d2 _strlen 87706->87707 88005 6c9d156d 87707->88005 87709 6c9d15de 87710 6c9d19d9 SetWindowTextA 87709->87710 87711 6c9d111e 26 API calls 87710->87711 87712 6c9d19fc 87711->87712 87712->87416 87713->87424 87714->87438 87715->87453 87716->87464 87717->87470 87718->87478 87719->87488 87720->87501 87721->87506 87725 6c9d1985 87722->87725 87723 6c9d1993 87726 6c9d195a 87723->87726 87724 6c9d195a 2 API calls 87724->87725 87725->87723 87725->87724 88010 6c9d17f3 GetDlgItem 87726->88010 87728 6c9d196c ShowWindow 
87728->87539 87729->87557 88011 6c9d17f3 GetDlgItem 87730->88011 87732 6c9d19ab ShowWindow 87732->87587 87734 6c9d31ce __EH_prolog3_GS 87733->87734 87735 6c9d41d7 2 API calls 87734->87735 87736 6c9d31db 87735->87736 87737 6c9d15b6 28 API calls 87736->87737 87738 6c9d31e3 87737->87738 87739 6c9d189c 27 API calls 87738->87739 87740 6c9d31ed 87739->87740 87741 6c9d41d7 2 API calls 87740->87741 87742 6c9d31fa 87741->87742 87743 6c9d15b6 28 API calls 87742->87743 87744 6c9d3202 87743->87744 87778 6c9d195a 2 API calls 87777->87778 87779 6c9d33c9 87778->87779 87780 6c9d310c 87779->87780 87781 6c9d1999 2 API calls 87779->87781 87926->87401 87927->87449 87928->87399 87929->87450 87930->87463 87931->87456 87932->87467 87933->87468 87935 6c9d111e 26 API calls 87934->87935 87936 6c9d18c2 GetDlgItem SetFocus 87935->87936 87936->87449 87937->87496 87938->87504 87939->87515 87941 6c9d1129 87940->87941 87942 6c9d1132 87940->87942 88115 6c9d10f2 26 API calls _Deallocate 87941->88115 87942->87449 87944->87491 87945->87505 87946->87525 87947->87452 87948->87465 87949->87452 87950->87452 87951->87493 87952->87494 88116 6c9d4189 87953->88116 87956->87481 87957->87512 87958->87513 87959->87521 87960->87537 87961->87554 87962->87569 87964 6c9d1415 87963->87964 87966 6c9d1427 87964->87966 88121 6c9d14dc 28 API calls 87964->88121 87966->87574 87967->87578 87968->87449 87969->87449 87970->87440 87971->87440 87972->87540 87973->87547 87974->87580 87975->87596 87976->87594 87977->87632 87978->87645 87979->87655 87980->87663 87983->87631 87984->87644 87985->87660 87986->87666 87987->87630 87988->87643 87989->87598 87991 6c9d5637 CatchGuardHandler 5 API calls 87990->87991 87992 6c9d6002 87991->87992 87992->87992 87993->87691 87994->87687 87996->87698 87998 6c9d5640 87997->87998 87999 6c9d5642 IsProcessorFeaturePresent 87997->87999 87998->87705 88001 6c9d5857 87999->88001 88004 6c9d581b SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 88001->88004 88003 
6c9d593a 88003->87705 88004->88003 88006 6c9d15a0 88005->88006 88007 6c9d157c BuildCatchObjectHelperInternal 88005->88007 88006->88007 88009 6c9d1502 28 API calls 2 library calls 88006->88009 88007->87709 88009->88007 88010->87728 88011->87732 88115->87942 88117 6c9d419d 88116->88117 88118 6c9d29c1 88116->88118 88117->88118 88119 6c9d41a6 GetDlgItem SendMessageA 88117->88119 88118->87510 88119->88118 88120 6c9d41c9 88119->88120 88120->88118 88121->87966 88122 6c98e6e4 88123 6c98e6ed 88122->88123 88124 6c98e6f2 88122->88124 88143 6c98ee32 GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter ___get_entropy 88123->88143 88128 6c98e5ae 88124->88128 88129 6c98e5ba __FrameHandler3::FrameUnwindToState 88128->88129 88130 6c98e5e3 dllmain_raw 88129->88130 88132 6c98e5c9 88129->88132 88133 6c98e5de 88129->88133 88131 6c98e5fd dllmain_crt_dispatch 88130->88131 88130->88132 88131->88132 88131->88133 88144 6c9611d0 88133->88144 88136 6c98e64f 88136->88132 88137 6c98e658 dllmain_crt_dispatch 88136->88137 88137->88132 88138 6c98e66b dllmain_raw 88137->88138 88138->88132 88139 6c9611d0 __DllMainCRTStartup@12 3 API calls 88140 6c98e636 88139->88140 88147 6c98e4fe 89 API calls 4 library calls 88140->88147 88142 6c98e644 dllmain_raw 88142->88136 88143->88124 88145 6c9611f4 88144->88145 88146 6c9611d9 DisableThreadLibraryCalls CreateThread 88144->88146 88145->88136 88145->88139 88146->88145 88148 6c961622 FromBlockLayers 88146->88148 88147->88142 88149 6c98e3a4 88150 6c98e3af 88149->88150 88151 6c98e3e2 88149->88151 88153 6c98e3d4 88150->88153 88154 6c98e3b4 88150->88154 88177 6c98e4fe 89 API calls 4 library calls 88151->88177 88161 6c98e3f7 88153->88161 88155 6c98e3b9 88154->88155 88156 6c98e3ca 88154->88156 88160 6c98e3be 88155->88160 88175 6c98ef80 21 API calls 88155->88175 88176 6c98ef61 23 API calls 88156->88176 88162 6c98e403 __FrameHandler3::FrameUnwindToState 88161->88162 88178 6c98eff1 11 API calls ___scrt_uninitialize_crt 88162->88178 88164 
6c98e40a __DllMainCRTStartup@12 88165 6c98e431 88164->88165 88166 6c98e4f6 88164->88166 88172 6c98e46d ___scrt_is_nonwritable_in_current_image __FrameHandler3::FrameUnwindToState 88164->88172 88179 6c98ef53 IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 88165->88179 88182 6c98f1d2 IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter __FrameHandler3::FrameUnwindToState 88166->88182 88169 6c98e4fd 88170 6c98e440 __RTC_Initialize 88170->88172 88180 6c98ee7d InitializeSListHead 88170->88180 88172->88160 88173 6c98e44e 88173->88172 88181 6c98ef28 IsProcessorFeaturePresent ___scrt_release_startup_lock 88173->88181 88175->88160 88176->88160 88177->88160 88178->88164 88179->88170 88180->88173 88181->88172 88182->88169 88183 6cf6e768 88184 6cf6e786 88183->88184 88188 6cf6e799 88183->88188 88189 6cf6dbec 88184->88189 88190 6cf6dc16 88189->88190 88191 6cf6dc28 GetModuleFileNameW 88190->88191 88192 6cf6dc67 88190->88192 88191->88190 88195 6cf6da64 88192->88195 88196 6cf6da91 88195->88196 88197 6cf6daa8 88196->88197 88203 6cf6daf3 88196->88203 88198 6cf6dab4 GetLongPathNameW 88197->88198 88200 6cf6dac4 88198->88200 88199 6cf6db09 FindFirstFileW 88202 6cf6db16 88199->88202 88199->88203 88201 6cf6dade GetLongPathNameW 88200->88201 88204 6cf6daee 88201->88204 88202->88204 88203->88199 88203->88202 88205 6cf6db6a FindClose 88203->88205 88205->88203 88206 6c99df06 88207 6c99df25 88206->88207 88208 6c99df0f 88206->88208 88208->88207 88212 6c99df5e 88208->88212 88210 6c99df1c 88210->88207 88229 6c99e23c 15 API calls 3 library calls 88210->88229 88213 6c99df6a 88212->88213 88214 6c99df67 88212->88214 88230 6c9a596a 88213->88230 88214->88210 88219 6c99df7b 88221 6c99e9b0 __freea 14 API calls 88219->88221 88220 6c99df87 88258 6c99e00d 39 API calls 4 library calls 88220->88258 88223 6c99df81 88221->88223 88223->88210 88224 6c99df8e 88225 6c99e9b0 __freea 14 API calls 88224->88225 88226 6c99dfab 
88225->88226 88227 6c99e9b0 __freea 14 API calls 88226->88227 88228 6c99dfb1 88227->88228 88228->88210 88229->88207 88231 6c9a5973 88230->88231 88235 6c99df70 88230->88235 88259 6c99ee0f 39 API calls 3 library calls 88231->88259 88233 6c9a5996 88260 6c9a5775 49 API calls 4 library calls 88233->88260 88236 6c9a5c82 GetEnvironmentStringsW 88235->88236 88237 6c9a5c9a 88236->88237 88238 6c99df75 88236->88238 88261 6c9a150c WideCharToMultiByte _strftime 88237->88261 88238->88219 88238->88220 88240 6c9a5cb7 88241 6c9a5ccc 88240->88241 88242 6c9a5cc1 FreeEnvironmentStringsW 88240->88242 88262 6c99f0df 15 API calls 2 library calls 88241->88262 88242->88238 88244 6c9a5cd3 88245 6c9a5cdb 88244->88245 88246 6c9a5cec 88244->88246 88248 6c99e9b0 __freea 14 API calls 88245->88248 88263 6c9a150c WideCharToMultiByte _strftime 88246->88263 88250 6c9a5ce0 FreeEnvironmentStringsW 88248->88250 88249 6c9a5cfc 88252 6c9a5d0b 88249->88252 88253 6c9a5d03 88249->88253 88251 6c9a5d1d 88250->88251 88251->88238 88255 6c99e9b0 __freea 14 API calls 88252->88255 88254 6c99e9b0 __freea 14 API calls 88253->88254 88256 6c9a5d09 FreeEnvironmentStringsW 88254->88256 88255->88256 88256->88251 88258->88224 88259->88233 88260->88235 88261->88240 88262->88244 88263->88249
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: ENUM pass %s %s$ENUM processing %s$HCD '%s' child not found$PCI\VEN_%04hx&DEV_%04hx%*s$USB$allocating new device for session [%lX]$assigning Root Hub '%s' bus number %u$could not allocate enumerator string '%s'$could not detect installation state of driver for '%s': %s$could not get child devinst for '%s'$could not infer VID/PID of HCD from '%s'$could not obtain device info data for PnP enumerator '%s' index %u: %s$could not obtain device info set for PnP enumerator '%s': %s$could not read enumerator string for device '%s': %s$could not read the device instance ID for devInst %lX, skipping$could not realloc list for unref - aborting$could not retrieve port number for device '%s': %s$destroy device %d.%d$device class GUID for session [%lX] changed$device instance ID for session [%lX] changed$driver for device '%s' is reporting an issue (code: %lu) - skipping$enumerate_hcd_root_hub$failed to alloc guid list$failed to alloc unref list$failed to initialize device '%s'$failed to obtain device info list: %s$found existing device for session [%lX]$found new PnP enumerator string '%s'$get_devinfo_data$interface[%u] = %s$interface[%u] already set to %s$libusb_unref_device$program assertion failed - found more than %u buses, skipping the rest$program assertion failed - max USB interfaces reached for HID device$program assertion failed - parent is not HID$set_hid_interface$setting HID interface for [%lX]:$setting composite interface for [%lX]:$too many enumerator strings, some devices may not be accessible$unlisted ancestor for '%s' (non USB HID, newly connected, etc.) - ignoring$winusb_get_device_list${%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}
                                                                          • API String ID: 0-2502836641
                                                                          • Opcode ID: d6e3ce385e1c789aee87477538f5e895b77dae13ab1f8daf57a5cf468c0b6868
                                                                          • Instruction ID: 32eb9873534a3b36636fc30fe34d6f30e28342ff71fb4f4126333fe8a56bf1e6
                                                                          • Opcode Fuzzy Hash: d6e3ce385e1c789aee87477538f5e895b77dae13ab1f8daf57a5cf468c0b6868
                                                                          • Instruction Fuzzy Hash: 5EA2E1B16083409FE710CF26C880B9BB7F9AF96318F144A1DF59997A91EB31D905CB93

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: (bus: %u, addr: %u, depth: %u, port: %u): '%s'$ancestor for device '%s' not found at depth %u$could not get node connection information (V2) for device '%s': %s$could not get node connection information for device '%s': %s$could not open hub %s: %s$device '%s' has invalid descriptor!$device '%s' is no longer connected!$found %u configurations (current config: %u) for device '%s'$found %u configurations for device '%s' but device is not configured (i.e. current config: 0), ignoring it$init_device$invalid device descriptor$parent for device '%s' is not a hub$program assertion failed - device address overflow$program assertion failed - first ancestor is not parent$too many configurations$unknown device speed %u$usbi_sanitize_device$zero configurations, maybe an unauthorized device
                                                                          • API String ID: 0-4266116663
                                                                          • Opcode ID: 9898d819c2c24cad82b99741510e3205f4f842d701fc635ace5d1772086e671e
                                                                          • Instruction ID: 0fbbb777bb5e3ab2baf281fa02c26b47a4875a6822f01acd50160b03c43ac19e
                                                                          • Opcode Fuzzy Hash: 9898d819c2c24cad82b99741510e3205f4f842d701fc635ace5d1772086e671e
                                                                          • Instruction Fuzzy Hash: 94E139B57083806AE3109B26AC50B7FBBF4AFA6718F44191EF5C692FC2D725E5048763
                                                                          APIs
                                                                          • __EH_prolog3_GS.LIBCMT ref: 6C9D2451
                                                                          • EndDialog.USER32(?,00000000), ref: 6C9D2599
                                                                            • Part of subcall function 6C9D423F: lstrlen.KERNEL32(02459235,6C9D24B1), ref: 6C9D424A
                                                                          • GetDlgItem.USER32(000055F6), ref: 6C9D24CA
                                                                          • GetDlgItem.USER32(000055F0), ref: 6C9D24E8
                                                                          • GetDlgItem.USER32(000055F1), ref: 6C9D24F9
                                                                          • GetDlgItem.USER32(000055F4), ref: 6C9D250A
                                                                          • IsWindowEnabled.USER32(00000000), ref: 6C9D250D
                                                                          • GetDlgItem.USER32(000055F4), ref: 6C9D2522
                                                                          • GetDlgItem.USER32(000055F5), ref: 6C9D2533
                                                                          • IsWindowEnabled.USER32(00000000), ref: 6C9D2536
                                                                          • GetDlgItem.USER32(000055F5), ref: 6C9D254F
                                                                            • Part of subcall function 6C9D1708: IsDlgButtonChecked.USER32(?), ref: 6C9D1714
                                                                          • KillTimer.USER32(?,000003E8,000055FD), ref: 6C9D25C4
                                                                          • GetDlgItemInt.USER32(0000560E,00000000,00000000), ref: 6C9D2741
                                                                          • GetDlgItem.USER32(0000560E,0000560E), ref: 6C9D2769
                                                                          • GetDlgItem.USER32(00005612), ref: 6C9D27C8
                                                                          • SetFocus.USER32(00000000), ref: 6C9D27CF
                                                                            • Part of subcall function 6C9D111E: _Deallocate.LIBCONCRT ref: 6C9D112D
                                                                          • lstrcpy.KERNEL32(0066174E,?), ref: 6C9D27F9
                                                                          • lstrcpy.KERNEL32(00661764,?), ref: 6C9D2898
                                                                          • SetFocus.USER32(00000000), ref: 6C9D2770
                                                                            • Part of subcall function 6C9D4288: __EH_prolog3_GS.LIBCMT ref: 6C9D428F
                                                                            • Part of subcall function 6C9D4288: lstrcpy.KERNEL32(00661867,?), ref: 6C9D43DE
                                                                            • Part of subcall function 6C9D1809: GetDlgItemTextA.USER32(00050056,?,00000000,?), ref: 6C9D185B
                                                                            • Part of subcall function 6C9D2054: __EH_prolog3.LIBCMT ref: 6C9D205B
                                                                          • KiUserCallbackDispatcher.NTDLL ref: 6C9D2C2F
                                                                          • KillTimer.USER32(?,000003E8), ref: 6C9D3158
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164606236.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164577047.000000006C9D0000.00000002.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164639828.000000006C9ED000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164670106.000000006C9F5000.00000008.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9F9000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9FC000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA00000.00000040.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA27000.00000040.00000001.01000000.00000009.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: Item$lstrcpy$EnabledFocusH_prolog3_KillTimerWindow$ButtonCallbackCheckedDeallocateDialogDispatcherH_prolog3TextUserlstrlen
                                                                          • String ID:
                                                                          • API String ID: 842316870-0
                                                                          • Opcode ID: 51e551ae704c1d38bb8b8bab52f94bcd4f8d509fa73e2329b4c15211f4eb4315
                                                                          • Instruction ID: 39126c6fbe9267d419ad8423903473fa9b42298045740ac3c6dd7711aef49680
                                                                          • Opcode Fuzzy Hash: 51e551ae704c1d38bb8b8bab52f94bcd4f8d509fa73e2329b4c15211f4eb4315
                                                                          • Instruction Fuzzy Hash: 4962F7B2A04E446AEB01DF74DC48BEE37B9AB23719F168064E0107BB91C775FA49CB51

                                                                          APIs
                                                                          • DeviceIoControl.KERNEL32(?,00220410,?,00000015,?), ref: 6C968DAD
                                                                          Strings
                                                                          • cached config descriptor %u (bConfigurationValue=%u, %u bytes), xrefs: 6C968EDC
                                                                          • descriptor %u not a configuration descriptor for '%s', xrefs: 6C968EC7
                                                                          • unexpected configuration descriptor %u size (actual) for '%s', xrefs: 6C968F0D
                                                                          • cache_config_descriptors, xrefs: 6C968D18, 6C968DCB, 6C968E1F, 6C968E85, 6C968ECC, 6C968EE1, 6C968F12, 6C968F27
                                                                          • could not access configuration descriptor %u (actual) for '%s': %s, xrefs: 6C968E80
                                                                          • could not allocate configuration descriptor array for '%s', xrefs: 6C968D13
                                                                          • could not access configuration descriptor %u (dummy) for '%s': %s, xrefs: 6C968DC6
                                                                          • could not allocate configuration descriptor %u buffer for '%s', xrefs: 6C968E1A
                                                                          • unexpected configuration descriptor %u size (dummy) for '%s', xrefs: 6C968F22
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: ControlDevice
                                                                          • String ID: cache_config_descriptors$cached config descriptor %u (bConfigurationValue=%u, %u bytes)$could not access configuration descriptor %u (actual) for '%s': %s$could not access configuration descriptor %u (dummy) for '%s': %s$could not allocate configuration descriptor %u buffer for '%s'$could not allocate configuration descriptor array for '%s'$descriptor %u not a configuration descriptor for '%s'$unexpected configuration descriptor %u size (actual) for '%s'$unexpected configuration descriptor %u size (dummy) for '%s'
                                                                          • API String ID: 2352790924-4241529275
                                                                          • Opcode ID: 0b5b00e837e9b3e3e5561997b6c603027eac0ae415f54d2f28318c4d7aed092d
                                                                          • Instruction ID: 6a2dcba7364f752182dbb59071477fe4c66cf6e38040510182673b30962e984a
                                                                          • Opcode Fuzzy Hash: 0b5b00e837e9b3e3e5561997b6c603027eac0ae415f54d2f28318c4d7aed092d
                                                                          • Instruction Fuzzy Hash: 2A61F6F0648351BFE3049B228C11F6BBAE9AF96308F44491AF985A6E81D335D914C7A7

                                                                          APIs
                                                                          • LoadLibraryA.KERNEL32(libjack.dll,?,?,00001000), ref: 6C98E195
                                                                          • GetLastError.KERNEL32(00000400,?,00000000,00000000,?,00001000), ref: 6C98E1B3
                                                                          • FormatMessageA.KERNEL32(00001300,00000000,00000000,?,00001000), ref: 6C98E1C1
                                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 6C98E21E
                                                                          • GetLastError.KERNEL32(00000400,?,00000000,00000000,?,6C98E0F3,jack_port_get_buffer,6C961169,?,00001000,?,?,?,?,00001000), ref: 6C98E236
                                                                          • FormatMessageA.KERNEL32(00001300,00000000,00000000,?,6C98E0F3,jack_port_get_buffer,6C961169,?,00001000,?,?,?,?,00001000), ref: 6C98E243
                                                                          Strings
                                                                          • Failed to load libjack DLL: %d, xrefs: 6C98E1CA
                                                                          • SKIP_LIBJACK, xrefs: 6C98E17F
                                                                          • libjack.dll, xrefs: 6C98E190
                                                                          • could not GetProcAddress( %s ), %s , xrefs: 6C98E251
                                                                          • libjack not found, so do not try to load %s ffs !, xrefs: 6C98E1FC
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorFormatLastMessage$AddressLibraryLoadProc
                                                                          • String ID: Failed to load libjack DLL: %d$SKIP_LIBJACK$could not GetProcAddress( %s ), %s $libjack not found, so do not try to load %s ffs !$libjack.dll
                                                                          • API String ID: 1197475455-3673827780
                                                                          • Opcode ID: d770280cfe14a2a6ba8886de3f142f6022cead6e99617b8abd82eb9e6e89875e
                                                                          • Instruction ID: 8b76014d8e33569f61423464158399d3c38382ea30b3848df186cf9a3fcf82b9
                                                                          • Opcode Fuzzy Hash: d770280cfe14a2a6ba8886de3f142f6022cead6e99617b8abd82eb9e6e89875e
                                                                          • Instruction Fuzzy Hash: 6021AAF6749201BBEB045AA09C15E7F367DAB54305F18092DFA09D3640EF30D51487A6

                                                                          APIs
                                                                          • SetupDiGetDeviceRegistryPropertyA.SETUPAPI(?,?,0000000D,00000000,?,00000100,00000000), ref: 6C9698F4
                                                                          • SetupDiGetDeviceRegistryPropertyA.SETUPAPI(?,?,00000023,00000000,00000000,00000100,00000000), ref: 6C969952
                                                                          • _strrchr.LIBCMT ref: 6C969963
                                                                          • _strrchr.LIBCMT ref: 6C96998F
                                                                          • SetupDiGetDeviceRegistryPropertyA.SETUPAPI(?,?,0000001C,00000000,?,00000004,00000000), ref: 6C9699AB
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: DevicePropertyRegistrySetup$_strrchr
                                                                          • String ID: #USB($Port_#
                                                                          • API String ID: 2100941858-3033775294
                                                                          • Opcode ID: 9935aefd96c4f270f97227caec4aa88c7bd642bd0774b42a099dab1802458053
                                                                          • Instruction ID: ca3ba85c87329887b772c9375a68c09a1543aece2e5b93406c16fc79357c8f07
                                                                          • Opcode Fuzzy Hash: 9935aefd96c4f270f97227caec4aa88c7bd642bd0774b42a099dab1802458053
                                                                          • Instruction Fuzzy Hash: 2631E7727443056BF720CB61AC42FD773DC9B65708F55042AFA46D6AC0F7B5E50886A2
                                                                          APIs
                                                                          • GetLongPathNameW.KERNEL32(00000000,00000000,00000000), ref: 6CF6DAB5
                                                                          • GetLongPathNameW.KERNEL32(00000000,00000000,03044FC9), ref: 6CF6DADF
                                                                          • FindFirstFileW.KERNEL32(00000000,?,00000000,6CF6DBCD,?,?,03044FC9,?,?,6CF6DC7B,6CE90000,00000000,03044FC9,00000000,6CF6DCA3), ref: 6CF6DB0A
                                                                          • FindClose.KERNEL32(00000000,?,?,6CF6DBE8,00000000,?,00000000,6CF6DBCD,?,?,03044FC9,?,?,6CF6DC7B,6CE90000,00000000), ref: 6CF6DB6B
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164882381.000000006CE94000.00000080.00000001.01000000.0000000C.sdmp, Offset: 6CE90000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164829790.000000006CE90000.00000002.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4164858981.000000006CE91000.00000040.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4164984313.000000006CF76000.00000020.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165012582.000000006CF77000.00000004.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165042277.000000006CF78000.00000008.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165076360.000000006CF79000.00000004.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165107134.000000006CF7B000.00000008.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165135771.000000006CF7C000.00000004.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165170116.000000006CF81000.00000004.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165202597.000000006CF85000.00000002.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165202597.000000006CF87000.00000002.00000001.01000000.0000000C.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6ce90000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: FindLongNamePath$CloseFileFirst
                                                                          • String ID:
                                                                          • API String ID: 646707308-0
                                                                          • Opcode ID: 1405cf12b0ad44f9ce8837404263e63a3548308a625acce147fa52040688410a
                                                                          • Instruction ID: 5e9ac4a3d94446d5db611ede866b998d3c77e84fa0d6643d762faf5e944b46bc
                                                                          • Opcode Fuzzy Hash: 1405cf12b0ad44f9ce8837404263e63a3548308a625acce147fa52040688410a
                                                                          • Instruction Fuzzy Hash: 3A418F30E44618AFCB11DF68CD84BDEB3B9AF49719F3005A8E404E7B54DB309E899B55
                                                                          APIs
                                                                          • GetTimeZoneInformation.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,6C9A12AA,00000000,00000000,00000000), ref: 6C9A1169
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: InformationTimeZone
                                                                          • String ID: Eastern Standard Time$Eastern Summer Time
                                                                          • API String ID: 565725191-239921721
                                                                          • Opcode ID: 939e2bef862c0645fe6232bd3f90b70e8010e747c892fdc75e2dcad1a3420aed
                                                                          • Instruction ID: b3d98644796553894513c189e87e736e478ed7e1d0f7a36d94c0768bea4fb1b7
                                                                          • Opcode Fuzzy Hash: 939e2bef862c0645fe6232bd3f90b70e8010e747c892fdc75e2dcad1a3420aed
                                                                          • Instruction Fuzzy Hash: F9C13871A00225EBDB10AFE5C801AAE7BBDEF6575CF254156E901EBB80E731CA42C780
                                                                          APIs
                                                                          • GetModuleHandleA.KERNEL32(?), ref: 6CE922CD
                                                                          • LoadLibraryA.KERNEL32(?), ref: 6CE922DC
                                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 6CE92376
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164858981.000000006CE91000.00000040.00000001.01000000.0000000C.sdmp, Offset: 6CE90000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164829790.000000006CE90000.00000002.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4164882381.000000006CE94000.00000080.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4164984313.000000006CF76000.00000020.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165012582.000000006CF77000.00000004.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165042277.000000006CF78000.00000008.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165076360.000000006CF79000.00000004.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165107134.000000006CF7B000.00000008.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165135771.000000006CF7C000.00000004.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165170116.000000006CF81000.00000004.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165202597.000000006CF85000.00000002.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165202597.000000006CF87000.00000002.00000001.01000000.0000000C.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6ce90000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: AddressHandleLibraryLoadModuleProc
                                                                          • String ID:
                                                                          • API String ID: 310444273-0
                                                                          • Opcode ID: 13e88093eca7a74e6f7e2843363ae382f0f6a81123a7ee47207706172e7ec647
                                                                          • Instruction ID: f8fce0d6c33c389a289d42137dea6909c0612d42d22b8db2adf8efd14d6f6fc6
                                                                          • Opcode Fuzzy Hash: 13e88093eca7a74e6f7e2843363ae382f0f6a81123a7ee47207706172e7ec647
                                                                          • Instruction Fuzzy Hash: 6F51A274D0420AEFDF04CF98C888BADBBB1BF19309F208099E511AB791C7759A95CF50
                                                                          APIs
                                                                          • GetUserDefaultUILanguage.KERNEL32(00000003,?,00000004,00000000,6CE9E912,?,?), ref: 6CE9E882
                                                                          • GetLocaleInfoW.KERNEL32(?,00000003,?,00000004,00000000,6CE9E912,?,?), ref: 6CE9E88B
                                                                            • Part of subcall function 6CE9E6FC: FindFirstFileW.KERNEL32(00000000,?,00000000,6CE9E75C,?,?), ref: 6CE9E72F
                                                                            • Part of subcall function 6CE9E6FC: FindClose.KERNEL32(00000000,00000000,?,00000000,6CE9E75C,?,?), ref: 6CE9E73F
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164882381.000000006CE94000.00000080.00000001.01000000.0000000C.sdmp, Offset: 6CE90000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164829790.000000006CE90000.00000002.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4164858981.000000006CE91000.00000040.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4164984313.000000006CF76000.00000020.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165012582.000000006CF77000.00000004.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165042277.000000006CF78000.00000008.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165076360.000000006CF79000.00000004.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165107134.000000006CF7B000.00000008.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165135771.000000006CF7C000.00000004.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165170116.000000006CF81000.00000004.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165202597.000000006CF85000.00000002.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165202597.000000006CF87000.00000002.00000001.01000000.0000000C.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6ce90000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: Find$CloseDefaultFileFirstInfoLanguageLocaleUser
                                                                          • String ID:
                                                                          • API String ID: 3216391948-0
                                                                          • Opcode ID: a4dfea0307b9be04d342a848a5a9a648efaa1a8c411ba74c0a392e175dbd1f1a
                                                                          • Instruction ID: ae1ea9c4768f293cf0914488316db9a78a2e7fee6fee586ea15ed0a60d0434fe
                                                                          • Opcode Fuzzy Hash: a4dfea0307b9be04d342a848a5a9a648efaa1a8c411ba74c0a392e175dbd1f1a
                                                                          • Instruction Fuzzy Hash: 00117F70E446099BDB04DBA4C880AEDB3B9EF48308F70497DE504E7B90DB306F0886A6
                                                                          APIs
                                                                          • FindFirstFileW.KERNEL32(00000000,?,00000000,6CE9E75C,?,?), ref: 6CE9E72F
                                                                          • FindClose.KERNEL32(00000000,00000000,?,00000000,6CE9E75C,?,?), ref: 6CE9E73F
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164882381.000000006CE94000.00000080.00000001.01000000.0000000C.sdmp, Offset: 6CE90000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164829790.000000006CE90000.00000002.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4164858981.000000006CE91000.00000040.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4164984313.000000006CF76000.00000020.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165012582.000000006CF77000.00000004.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165042277.000000006CF78000.00000008.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165076360.000000006CF79000.00000004.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165107134.000000006CF7B000.00000008.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165135771.000000006CF7C000.00000004.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165170116.000000006CF81000.00000004.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165202597.000000006CF85000.00000002.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165202597.000000006CF87000.00000002.00000001.01000000.0000000C.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6ce90000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: Find$CloseFileFirst
                                                                          • String ID:
                                                                          • API String ID: 2295610775-0
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164882381.000000006CE94000.00000080.00000001.01000000.0000000C.sdmp, Offset: 6CE90000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6ce90000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: InfoSystem
                                                                          • String ID:
                                                                          • API String ID: 31276548-0

                                                                          APIs
                                                                          • GetVersionExW.KERNEL32(0000011C), ref: 6CF761AC
                                                                          • GetNativeSystemInfo.KERNEL32(?,0000011C), ref: 6CF76211
                                                                          • RegOpenKeyExW.ADVAPI32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00020019,?,0000011C), ref: 6CF7626A
                                                                          • RegQueryValueExW.ADVAPI32(?,CurrentMajorVersionNumber,00000000,00000000,00000000,?,00000000,6CF76525,?,80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00020019,?,0000011C), ref: 6CF76298
                                                                          • RegQueryValueExW.ADVAPI32(?,CurrentMajorVersionNumber,00000000,00000000,?,00000004,?,CurrentMajorVersionNumber,00000000,00000000,00000000,?,00000000,6CF76525,?,80000002), ref: 6CF762BC
                                                                          • RegQueryValueExW.ADVAPI32(?,CurrentMinorVersionNumber,00000000,00000000,?,00000004,?,CurrentMajorVersionNumber,00000000,00000000,?,00000004,?,CurrentMajorVersionNumber,00000000,00000000), ref: 6CF762DE
                                                                          • RegQueryValueExW.ADVAPI32(?,CurrentVersion,00000000,00000000,00000000,?,?,CurrentMajorVersionNumber,00000000,00000000,00000000,?,00000000,6CF76525,?,80000002), ref: 6CF76303
                                                                          • RegQueryValueExW.ADVAPI32(?,CurrentVersion,00000000,00000000,00000000,00000002,00000000,6CF763FE,?,?,CurrentVersion,00000000,00000000,00000000,?,?), ref: 6CF7635C
                                                                          • RegQueryValueExW.ADVAPI32(?,CurrentBuild,00000000,00000000,00000000,?,?,CurrentVersion,00000000,00000000,00000000,?,?,CurrentMajorVersionNumber,00000000,00000000), ref: 6CF76418
                                                                          • RegQueryValueExW.ADVAPI32(?,CurrentBuild,00000000,00000000,00000000,00000002,00000000,6CF76505,?,?,CurrentBuild,00000000,00000000,00000000,?,?), ref: 6CF7646E
                                                                          • RegQueryValueExW.ADVAPI32(?,CurrentBuildNumber,00000000,00000000,00000000,00000002,?,CurrentBuild,00000000,00000000,00000000,00000002,00000000,6CF76505,?,?), ref: 6CF76495
                                                                          • RegQueryValueExW.ADVAPI32(?,CurrentBuildNumber,00000000,00000000,00000000,00000002,?,CurrentBuildNumber,00000000,00000000,00000000,00000002,?,CurrentBuild,00000000,00000000), ref: 6CF764CF
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164984313.000000006CF76000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CE90000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6ce90000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: QueryValue$InfoNativeOpenSystemVersion
                                                                          • String ID: CurrentBuild$CurrentBuildNumber$CurrentMajorVersionNumber$CurrentMinorVersionNumber$CurrentVersion$SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                                                          • API String ID: 3851673630-3493340660

                                                                          APIs
                                                                          • SetupDiOpenDevRegKey.SETUPAPI(?,?,00000001,00000000,00000001,00020019), ref: 6C96A0E9
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: OpenSetup
                                                                          • String ID: &$($Cannot get the additional GUIDs for '%s'$DeviceInterfaceGUID$DeviceInterfaceGUIDs$device '%s' has malformed DeviceInterfaceGUID string '%s', skipping$failed to alloc guid_string$failed to alloc if_guid$failed to realloc guid string$get_guid$no DeviceInterfaceGUID registered for '%s'$no GUID with index %d registered for '%s'$unexpected error from pRegQueryValueExA for '%s'$unexpected type of DeviceInterfaceGUID for '%s'${%8x-%4hx-%4hx-%4hx-%4hx%4hx%4hx}%n%c
                                                                          • API String ID: 2197605033-2872170922

                                                                          APIs
                                                                            • Part of subcall function 6C9663F0: GetSystemDirectoryA.KERNEL32(00000104,00000104), ref: 6C966415
                                                                          • GetProcAddress.KERNEL32(00000000,OpenSCManagerA), ref: 6C970A07
                                                                          • FreeLibrary.KERNEL32(00000000), ref: 6C970A82
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: AddressDirectoryFreeLibraryProcSystem
                                                                          • String ID: Advapi32$CloseServiceHandle$OpenSCManagerA$OpenServiceA$UsbDk$failed to find %s in Advapi32$failed to open Advapi32$failed to open UsbDk service: %s$failed to open service control manager: %s$usbdk_init
                                                                          • API String ID: 1714587984-309211593
                                                                          APIs
                                                                          • SetupDiGetDeviceRegistryPropertyA.SETUPAPI(?,?,00000009,00000000,00000000,00000000,00000000), ref: 6C96AA31
                                                                          • GetLastError.KERNEL32(?,?,00000009,00000000,00000000,00000000,00000000), ref: 6C96AA3B
                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C96AD45
                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 6C96AD6B
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalSection$DeviceEnterErrorLastLeavePropertyRegistrySetup
                                                                          • String ID: The following device has no driver: '%s'$destroy device %d.%d$extra GUID: %s$failed to realloc guid list$libusb will not be able to access it$libusb_unref_device$unexpected error during getting DeviceInterfaceGUID for '%s'$unlisted ancestor for '%s' (non USB HID, newly connected, etc.) - ignoring$winusb_get_device_list${%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}
                                                                          • API String ID: 1890145532-808448848

                                                                          APIs
                                                                          • CreateFileA.KERNEL32(?,40000000,00000002,00000000,00000003,00000000,00000000,00000000,00000000,?,?), ref: 6C968FA2
                                                                          • DeviceIoControl.KERNEL32(00000000,00220408,00000000,00000000,?,0000004C,?,00000000), ref: 6C968FF3
                                                                          • CloseHandle.KERNEL32(00000000), ref: 6C96901E
                                                                            • Part of subcall function 6C966300: GetLastError.KERNEL32(00000000,?,00000000,6C96628E,?,00000064,00000000,?,?), ref: 6C966309
                                                                            • Part of subcall function 6C966300: FormatMessageA.KERNEL32(00001200,00000000,00000000,00000400,6C9C9D50,00000100,00000000,00000000,?,?), ref: 6C96636E
                                                                            • Part of subcall function 6C966300: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000006,6C962194,?,00000084), ref: 6C966378
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLast$CloseControlCreateDeviceFileFormatHandleMessage
                                                                          • String ID: ROOT_HUB20$ROOT_HUB30$ROOT_HUB31$could not allocate config descriptor for root hub '%s'$could not get node connection information (V2) for root hub '%s' port %lu: %s$could not get node connection information for root hub '%s' port %lu: %s$could not get root hub info for '%s': %s$could not open root hub %s: %s$init_root_hub$program assertion failed - unknown root hub speed$root hub '%s' reports %lu ports
                                                                          • API String ID: 3167073719-2680546029
                                                                          • Opcode ID: c018c9d4b67335b28dc7a5ae780e2cf5ab8b899ea5ff4bc7976ba9eb36765d04
                                                                          • Instruction ID: 647d3f7ad51c689078465f2780044accb07cf5fa38fd252a2c00bce3c73e81a7
                                                                          • Opcode Fuzzy Hash: c018c9d4b67335b28dc7a5ae780e2cf5ab8b899ea5ff4bc7976ba9eb36765d04
                                                                          • Instruction Fuzzy Hash: 23A134B0648340BFF7109B26CC05F9A7BA8BB66308F061529F95597EC2D372EA14C797

                                                                          Control-flow Graph

                                                                          APIs
                                                                          • GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,6CE9E540,?,?,?), ref: 6CE9E357
                                                                          • RegOpenKeyExW.ADVAPI32(80000001,Software\Embarcadero\Locales,00000000,00020019,?,00000000,6CE9E540,?,?,?), ref: 6CE9E3A0
                                                                          • RegOpenKeyExW.ADVAPI32(80000002,Software\Embarcadero\Locales,00000000,00020019,?,80000001,Software\Embarcadero\Locales,00000000,00020019,?,00000000,6CE9E540,?,?,?), ref: 6CE9E3C2
                                                                          • RegOpenKeyExW.ADVAPI32(80000001,Software\CodeGear\Locales,00000000,00020019,?,80000002,Software\Embarcadero\Locales,00000000,00020019,?,80000001,Software\Embarcadero\Locales,00000000,00020019,?,00000000), ref: 6CE9E3E0
                                                                          • RegOpenKeyExW.ADVAPI32(80000002,Software\CodeGear\Locales,00000000,00020019,?,80000001,Software\CodeGear\Locales,00000000,00020019,?,80000002,Software\Embarcadero\Locales,00000000,00020019,?,80000001), ref: 6CE9E3FE
                                                                          • RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Locales,00000000,00020019,?,80000002,Software\CodeGear\Locales,00000000,00020019,?,80000001,Software\CodeGear\Locales,00000000,00020019,?,80000002), ref: 6CE9E41C
                                                                          • RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,00020019,?,80000001,Software\Borland\Locales,00000000,00020019,?,80000002,Software\CodeGear\Locales,00000000,00020019,?,80000001), ref: 6CE9E43A
                                                                          • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,00000000,?,00000000,6CE9E51C,?,80000001,Software\Embarcadero\Locales,00000000,00020019,?,00000000,6CE9E540), ref: 6CE9E474
                                                                          • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,?,00000000,6CE9E51C,?,80000001), ref: 6CE9E499
                                                                          • RegCloseKey.ADVAPI32(?,6CE9E523,00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,6CE9E51C,?,80000001,Software\Embarcadero\Locales), ref: 6CE9E514
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164882381.000000006CE94000.00000080.00000001.01000000.0000000C.sdmp, Offset: 6CE90000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164829790.000000006CE90000.00000002.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4164858981.000000006CE91000.00000040.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4164984313.000000006CF76000.00000020.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165012582.000000006CF77000.00000004.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165042277.000000006CF78000.00000008.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165076360.000000006CF79000.00000004.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165107134.000000006CF7B000.00000008.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165135771.000000006CF7C000.00000004.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165170116.000000006CF81000.00000004.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165202597.000000006CF85000.00000002.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165202597.000000006CF87000.00000002.00000001.01000000.0000000C.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6ce90000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: Open$QueryValue$CloseFileModuleName
                                                                          • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales$Software\CodeGear\Locales$Software\Embarcadero\Locales
                                                                          • API String ID: 2701450724-3496071916
                                                                          • Opcode ID: 37e7e52df80ae41c880e54190efdb48c2cb636279f14303c068fbee21e4d4ae0
                                                                          • Instruction ID: b2a7343a50e08537f1cee947032e16561aadb65f70d445b56ca07ea619648f20
                                                                          • Opcode Fuzzy Hash: 37e7e52df80ae41c880e54190efdb48c2cb636279f14303c068fbee21e4d4ae0
                                                                          • Instruction Fuzzy Hash: 99512771A4061DBEEB10C6A4CC41FEE73BCEB04708F704959FA14F7A81E774AA448A95

                                                                          Control-flow Graph

                                                                          APIs
                                                                          • _strftime.LIBCMT ref: 6C971D4A
                                                                          • caerLog.LIB_HELP(00000003,Logger,Missing subSystem or format strings. Neither can be NULL.), ref: 6C971E5C
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: _strftimecaer
                                                                          • String ID: %Y-%m-%d %H:%M:%S$%s: %s: %s: %s$ALERT$CRITICAL$DEBUG$EMERGENCY$ERROR$INFO$Logger$Missing subSystem or format strings. Neither can be NULL.$NOTICE$UNKNOWN$WARNING
                                                                          • API String ID: 4109336533-449987393
                                                                          • Opcode ID: 8bf01886186ca44fd34967fffe1c56d21c3e6b50926662673dea9662ea9e9640
                                                                          • Instruction ID: 20fb8d3b410d27bbd73287ee1858df7bde22467aa1b4fb71520bc9faf3e3f650
                                                                          • Opcode Fuzzy Hash: 8bf01886186ca44fd34967fffe1c56d21c3e6b50926662673dea9662ea9e9640
                                                                          • Instruction Fuzzy Hash: 395104B1609384BBD7209F55C990F5B77EDEFD6354F05082AF58993B40EB30DA098BA2

                                                                          Control-flow Graph

                                                                          APIs
                                                                          • InitializeCriticalSection.KERNEL32(6C9C9E68,00000000,00000120,6C9CA038,6C965AEE,00000000), ref: 6C966EC5
                                                                          • CreateIoCompletionPort.KERNEL32 ref: 6C966F4F
                                                                          • FreeLibrary.KERNEL32(00000000,00000001,00000000,00000120,6C9CA038,6C965AEE,00000000), ref: 6C966FE3
                                                                            • Part of subcall function 6C966780: GetVersionExA.KERNEL32(?), ref: 6C9667C4
                                                                            • Part of subcall function 6C966780: GetVersionExA.KERNEL32(00000094), ref: 6C9667EA
                                                                            • Part of subcall function 6C966780: VerSetConditionMask.KERNEL32(00000000,00000000,00000002,00000001), ref: 6C96681F
                                                                            • Part of subcall function 6C966780: VerifyVersionInfoA.KERNEL32(0000009C,00000002,00000000,?), ref: 6C966878
                                                                          • CloseHandle.KERNEL32(?,?,?,?,?,00000001,00000000,00000120,6C9CA038,6C965AEE,00000000), ref: 6C966FB9
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: Version$CloseCompletionConditionCreateCriticalFreeHandleInfoInitializeLibraryMaskPortSectionVerify
                                                                          • String ID: UsbDk backend is available$UsbDk backend is not available$Windows version is too old$could not allocate space for hash table$failed to create I/O completion port thread$failed to create I/O completion port: %s$failed to detect Windows version$htab_create$program assertion failed - hash table already allocated$using %lu entries hash table$windows_init
                                                                          • API String ID: 1897479241-1895850991
                                                                          • Opcode ID: f49152eb0d0370a205acc6ca0e15327b79491cc93de9b695203c67ec034ac061
                                                                          • Instruction ID: a1c63531212c3456b8b3fc127e9663e90ef8723f847e8cfd003537100cff287f
                                                                          • Opcode Fuzzy Hash: f49152eb0d0370a205acc6ca0e15327b79491cc93de9b695203c67ec034ac061
                                                                          • Instruction Fuzzy Hash: 454114BA689700B2FB115B2B8D01F9B32785BB335DF250524F550F6EC1E772D218C2AA

                                                                          Control-flow Graph

                                                                          APIs
                                                                          • caerDeviceOpen.LIB_HELP(00000001,00000004,00000000,00000000,00000000), ref: 6C9612EC
                                                                          • caerDeviceConfigSet.LIB_HELP(00000000,000000FE,00000001,00000001), ref: 6C9612FF
                                                                          • caerDeviceDataGet.LIB_HELP(?), ref: 6C961317
                                                                          • caerDeviceClose.LIB_HELP(?), ref: 6C961326
                                                                          • GetModuleFileNameW.KERNEL32(00000000,?,00001000), ref: 6C9613E9
                                                                          • SetCurrentDirectoryW.KERNEL32(?,?), ref: 6C961482
                                                                          • LoadLibraryW.KERNEL32(fppdes9.dll), ref: 6C96148D
                                                                          • LoadLibraryW.KERNEL32(FilesystemDialogsCOM.dll,?,?,?,?,?,?,?,?,?,?,00000001), ref: 6C961598
                                                                          • EnumWindows.USER32(00001000,00000000), ref: 6C9615D9
                                                                          • FromBlockLayers.LIB_HELP ref: 6C961622
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: Devicecaer$LibraryLoad$BlockCloseConfigCurrentDataDirectoryEnumFileFromLayersModuleNameOpenWindows
                                                                          • String ID: 32 bit float mono audio$FilesystemDialogsCOM.dll$fppdes9.dll
                                                                          • API String ID: 2709535299-1439629591
                                                                          • Opcode ID: b52b149b755ac00a1dc6bf96f6ca787145d34bf9ae883d083f3690b2f251b455
                                                                          • Instruction ID: a875543f182953f7ea14b1a446261a1abb82c2c1b5bb2b5d04730250322be9c6
                                                                          • Opcode Fuzzy Hash: b52b149b755ac00a1dc6bf96f6ca787145d34bf9ae883d083f3690b2f251b455
                                                                          • Instruction Fuzzy Hash: 5EA1A172508340AFE714CB25C8919AFB7F8EFA6708F104E1DF59697A90D770DA48CB52

                                                                          Control-flow Graph

                                                                          APIs
                                                                          • CloseHandle.KERNEL32(?), ref: 6C961D4B
                                                                            • Part of subcall function 6C966300: GetLastError.KERNEL32(00000000,?,00000000,6C96628E,?,00000064,00000000,?,?), ref: 6C966309
                                                                            • Part of subcall function 6C966300: FormatMessageA.KERNEL32(00001200,00000000,00000000,00000400,6C9C9D50,00000100,00000000,00000000,?,?), ref: 6C96636E
                                                                            • Part of subcall function 6C966300: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000006,6C962194,?,00000084), ref: 6C966378
                                                                          • CloseHandle.KERNEL32(?), ref: 6C961D7C
                                                                          • DeleteCriticalSection.KERNEL32(?), ref: 6C961DAD
                                                                          • DeleteCriticalSection.KERNEL32(?), ref: 6C961DB6
                                                                          • DeleteCriticalSection.KERNEL32(?), ref: 6C961DBF
                                                                          • DeleteCriticalSection.KERNEL32(?), ref: 6C961DC8
                                                                          • TlsFree.KERNEL32(?), ref: 6C961DD0
                                                                            • Part of subcall function 6C963610: EnterCriticalSection.KERNEL32(?,?,?,?,00000000,6C961CC7), ref: 6C963634
                                                                            • Part of subcall function 6C963610: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,6C961CC7), ref: 6C963675
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalSection$Delete$CloseErrorHandleLast$EnterFormatFreeLeaveMessage
                                                                          • String ID: CloseHandle failed: %s$usbi_destroy_event$usbi_destroy_timer
                                                                          • API String ID: 2883090176-1725071481
                                                                          • Opcode ID: e2468a1c8f22e9182241a9a073d075b782de264a75abf251f5c1017b4bf9768d
                                                                          • Instruction ID: 96a424d2c953e5aa256a7c6c8e0ba765d17ecd4e86b4ec846a1b65cb346bc7b7
                                                                          • Opcode Fuzzy Hash: e2468a1c8f22e9182241a9a073d075b782de264a75abf251f5c1017b4bf9768d
                                                                          • Instruction Fuzzy Hash: D1218DB5B00606ABEB049F75CD40F8AFB69FF55308F148265E409E7A81DB31E859CBE0
                                                                          APIs
                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C96AD45
                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 6C96AD6B
                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 6C96AD80
                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C96AE1C
                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 6C96AE43
                                                                          • SetupDiDestroyDeviceInfoList.SETUPAPI(?), ref: 6C96B5C4
                                                                            • Part of subcall function 6C968600: EnterCriticalSection.KERNEL32(?,?,?,6C96B1BF,00000000), ref: 6C968633
                                                                            • Part of subcall function 6C968600: LeaveCriticalSection.KERNEL32(?,?,?,6C96B1BF,00000000), ref: 6C968660
                                                                            • Part of subcall function 6C968600: LeaveCriticalSection.KERNEL32(?,?,?,6C96B1BF,00000000), ref: 6C96866E
                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 6C96AE5B
                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C96AF70
                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 6C96AF9E
                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C96B01B
                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 6C96B041
                                                                          Strings
                                                                          • libusb_unref_device, xrefs: 6C96B668
                                                                          • winusb_get_device_list, xrefs: 6C96ADAF
                                                                          • destroy device %d.%d, xrefs: 6C96B663
                                                                          • unlisted ancestor for '%s' (non USB HID, newly connected, etc.) - ignoring, xrefs: 6C96ADAA
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalSection$Leave$Enter$DestroyDeviceInfoListSetup
                                                                          • String ID: destroy device %d.%d$libusb_unref_device$unlisted ancestor for '%s' (non USB HID, newly connected, etc.) - ignoring$winusb_get_device_list
                                                                          • API String ID: 3219890818-89376344
                                                                          • Opcode ID: 28f890b9bf1f8e31fc31b6f96ec0eb71f48c52b993a6bd33548afa609ba2cdb0
                                                                          • Instruction ID: ada1028ca5664605624b1607d8af3c7e86ec4684d7a517d8464df68cbc0d6fa2
                                                                          • Opcode Fuzzy Hash: 28f890b9bf1f8e31fc31b6f96ec0eb71f48c52b993a6bd33548afa609ba2cdb0
                                                                          • Instruction Fuzzy Hash: 6B818BB06092118FEB00CF19C480B5BB7F5BF89318F14496DF9899BB95EB31E945CB82

                                                                          Control-flow Graph

                                                                          control_flow_graph 2305 6c967020-6c967038 PostQueuedCompletionStatus 2306 6c967057-6c967068 WaitForSingleObject 2305->2306 2307 6c96703a-6c967054 call 6c966300 call 6c966050 2305->2307 2308 6c967087-6c9670a6 CloseHandle * 2 2306->2308 2309 6c96706a-6c967084 call 6c966300 call 6c966050 2306->2309 2307->2306 2312 6c9670e1-6c9670e2 2308->2312 2313 6c9670a8-6c9670af 2308->2313 2309->2308 2316 6c9670d2-6c9670db call 6c968c60 2313->2316 2317 6c9670b1-6c9670b8 2313->2317 2316->2312 2320 6c9670ba-6c9670c1 FreeLibrary 2317->2320 2321 6c9670cb 2317->2321 2320->2321 2321->2316
                                                                          APIs
                                                                          • PostQueuedCompletionStatus.KERNEL32(?,00000000,?,00000000,?,6C965D08,?), ref: 6C967030
                                                                          • WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C96705F
                                                                          • CloseHandle.KERNEL32(?), ref: 6C96708D
                                                                          • CloseHandle.KERNEL32(?), ref: 6C967099
                                                                          • FreeLibrary.KERNEL32(00000000), ref: 6C9670BB
                                                                            • Part of subcall function 6C966300: GetLastError.KERNEL32(00000000,?,00000000,6C96628E,?,00000064,00000000,?,?), ref: 6C966309
                                                                            • Part of subcall function 6C966300: FormatMessageA.KERNEL32(00001200,00000000,00000000,00000400,6C9C9D50,00000100,00000000,00000000,?,?), ref: 6C96636E
                                                                            • Part of subcall function 6C966300: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000006,6C962194,?,00000084), ref: 6C966378
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: CloseErrorHandleLast$CompletionFormatFreeLibraryMessageObjectPostQueuedSingleStatusWait
                                                                          • String ID: failed to post I/O completion: %s$failed to wait for I/O completion port thread: %s$windows_exit
                                                                          • API String ID: 724958810-2602998881
                                                                          • Opcode ID: 4950d923df1e9e19f7b389d5eb77917f1aa2f7ecd24f2bafc381fdb4d789190e
                                                                          • Instruction ID: 1d5395cb0341eb43e1a7cc550d53d7c09c3b63937206e227ab0f3475beee2005
                                                                          • Opcode Fuzzy Hash: 4950d923df1e9e19f7b389d5eb77917f1aa2f7ecd24f2bafc381fdb4d789190e
                                                                          • Instruction Fuzzy Hash: 5111EDB5708200FAEF155B369E18F9F7A78AB6272CF300228F056A1ED0DB71D158C7A5

                                                                          Control-flow Graph

                                                                          control_flow_graph 2326 6c9699f0-6c969ad9 call 6c98f9a0 * 3 2333 6c969ae4-6c969b0f SetupDiGetDeviceRegistryPropertyA 2326->2333 2334 6c969b11-6c969b18 2333->2334 2335 6c969b68-6c969b6d GetLastError 2333->2335 2336 6c969b31-6c969b34 2334->2336 2337 6c969b1a-6c969b1f 2334->2337 2338 6c969b93 2335->2338 2339 6c969b6f-6c969b90 call 6c966300 call 6c966050 2335->2339 2342 6c969b36-6c969b3a 2336->2342 2343 6c969b3f-6c969b40 2336->2343 2340 6c969b20-6c969b25 2337->2340 2341 6c969b96-6c969ba2 2338->2341 2339->2338 2340->2340 2345 6c969b27-6c969b2c 2340->2345 2341->2333 2346 6c969ba8-6c969bb0 2341->2346 2347 6c969b42-6c969b66 call 6c966050 2342->2347 2348 6c969b3c 2342->2348 2343->2336 2345->2336 2351 6c969bb5-6c969bbf 2346->2351 2347->2341 2348->2343 2354 6c969bc3-6c969bcf 2351->2354 2356 6c969bd0-6c969bd5 2354->2356 2356->2356 2357 6c969bd7-6c969bd9 2356->2357 2358 6c969c45-6c969c5b 2357->2358 2359 6c969bdb-6c969be8 call 6c998541 2357->2359 2358->2354 2361 6c969c61-6c969c6e 2358->2361 2359->2358 2364 6c969bea-6c969bfc call 6c998595 2359->2364 2361->2351 2363 6c969c74 2361->2363 2365 6c969cd8-6c969cf0 call 6c98e330 2363->2365 2370 6c969bfe 2364->2370 2371 6c969c3c-6c969c42 call 6c991ba6 2364->2371 2372 6c969c00-6c969c06 2370->2372 2371->2358 2374 6c969c23-6c969c36 call 6c998595 2372->2374 2375 6c969c08-6c969c18 call 6c9986c4 2372->2375 2374->2372 2383 6c969c38 2374->2383 2381 6c969c76-6c969c81 call 6c991ba6 2375->2381 2382 6c969c1a-6c969c21 2375->2382 2386 6c969c83-6c969c87 2381->2386 2387 6c969c89-6c969c93 2381->2387 2382->2374 2382->2375 2383->2371 2386->2358 2388 6c969c95-6c969c9b 2387->2388 2389 6c969c9d-6c969ca3 2387->2389 2390 6c969ca6-6c969cd6 call 6c966050 2388->2390 2389->2390 2390->2365
                                                                          APIs
                                                                          • SetupDiGetDeviceRegistryPropertyA.SETUPAPI(?,?,?,?,?,00000100,?), ref: 6C969B07
                                                                          • GetLastError.KERNEL32 ref: 6C969B68
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: DeviceErrorLastPropertyRegistrySetup
                                                                          • String ID: %s(s): %s$;$could not access %s: %s$get_api_type$matched %s name against %s
                                                                          • API String ID: 225541969-1781845457
                                                                          • Opcode ID: 93befb6ef800b1534e6e9e273f252fc624907d96ac997abc45b9be1b1c6f7904
                                                                          • Instruction ID: cb38b3ea4dd4a101e72af024d302ae522229e08a4200332daf3ad23d6369034a
                                                                          • Opcode Fuzzy Hash: 93befb6ef800b1534e6e9e273f252fc624907d96ac997abc45b9be1b1c6f7904
                                                                          • Instruction Fuzzy Hash: E081E7B16083809FE721DF26C841B9BB7E8AF9630CF05086DE58C97A91D775D608CB97
                                                                          APIs
                                                                          • __RTC_Initialize.LIBCMT ref: 6C98E545
                                                                          • ___scrt_uninitialize_crt.LIBCMT ref: 6C98E55F
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: Initialize___scrt_uninitialize_crt
                                                                          • String ID:
                                                                          • API String ID: 2442719207-0
                                                                          • Opcode ID: 2ef9637b30ee556e703a78361f15cd9302434bcb59db7876288689c6d0ef2539
                                                                          • Instruction ID: 0030016679e85a464224c240f6ff600a6045c9ee03dab762bdb19789284c5c7b
                                                                          • Opcode Fuzzy Hash: 2ef9637b30ee556e703a78361f15cd9302434bcb59db7876288689c6d0ef2539
                                                                          • Instruction Fuzzy Hash: 8641E276E06614EFDF118F65C810B9E3A79EBA169CF114D1AE81497B80D730CE058BE0
                                                                          APIs
                                                                          • GetClientRect.USER32(6C9D3A30,?), ref: 6C9D1B02
                                                                          • SendMessageA.USER32(00000404,00000000,00000030), ref: 6C9D1B19
                                                                            • Part of subcall function 6C9D1149: __EH_prolog3_GS.LIBCMT ref: 6C9D1150
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164606236.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164577047.000000006C9D0000.00000002.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164639828.000000006C9ED000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164670106.000000006C9F5000.00000008.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9F9000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9FC000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA00000.00000040.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA27000.00000040.00000001.01000000.00000009.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: ClientH_prolog3_MessageRectSend
                                                                          • String ID: 0$Tooltip control exception (%s)$Tooltip control not created!
                                                                          • API String ID: 1416056304-684261864
                                                                          • Opcode ID: b9195c515a27f696bce99498aa2c7fd11b6c7d82c6c794c191838fced39d37ca
                                                                          • Instruction ID: cb219e240b7f581b6e98345a07bce61afc298dc3d6a8a53bd7f61613cbafca9d
                                                                          • Opcode Fuzzy Hash: b9195c515a27f696bce99498aa2c7fd11b6c7d82c6c794c191838fced39d37ca
                                                                          • Instruction Fuzzy Hash: 0321F2B2108304AFC704DF60D805E8ABBF8FBE6764F10891DF561A7650E770E204CB96
                                                                          APIs
                                                                          • FreeLibrary.KERNEL32(00000000,?,6C9A28FE,?,?,00000000,00000000,00000000,?,6C9A2B14,00000022,FlsSetValue,6C9B6044,6C9B604C,00000000), ref: 6C9A28B0
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: FreeLibrary
                                                                          • String ID: api-ms-$ext-ms-
                                                                          • API String ID: 3664257935-537541572
                                                                          • Opcode ID: ea47e2d79ed290cf1c4518a1e3eee9bd6ef6bab7bfd77a25b64b453696b9f3b9
                                                                          • Instruction ID: 7495e6c87b60bca97952b408e6562045a7618fb03e0d38ac8963c8a5886a927f
                                                                          • Opcode Fuzzy Hash: ea47e2d79ed290cf1c4518a1e3eee9bd6ef6bab7bfd77a25b64b453696b9f3b9
                                                                          • Instruction Fuzzy Hash: 6B212731A09911BBDB199BAECC48A4B377DEF42378F2501A0F91DB7681D730EA02C6D4
                                                                          APIs
                                                                          • GetSystemDirectoryA.KERNEL32(00000104,00000104), ref: 6C966415
                                                                          • LoadLibraryA.KERNEL32(?,?,00000000,00000000), ref: 6C966466
                                                                          Strings
                                                                          • program assertion failed - library path buffer overflow, xrefs: 6C966445
                                                                          • \%s.dll, xrefs: 6C966453
                                                                          • program assertion failed - could not get system directory, xrefs: 6C966484
                                                                          • load_system_library, xrefs: 6C966489
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: DirectoryLibraryLoadSystem
                                                                          • String ID: \%s.dll$load_system_library$program assertion failed - could not get system directory$program assertion failed - library path buffer overflow
                                                                          • API String ID: 1175261203-847564722
                                                                          • Opcode ID: 4fb1c0cfc9f9e89a50465a00eddbeab696694c25e41c74d132e4ab41ed6d2913
                                                                          • Instruction ID: 367c2e6f1997d2ebf1d6a4169a018075c9c6d27458d3e21798187e7b52cc5b48
                                                                          • Opcode Fuzzy Hash: 4fb1c0cfc9f9e89a50465a00eddbeab696694c25e41c74d132e4ab41ed6d2913
                                                                          • Instruction Fuzzy Hash: 66113ABA7042006BE714DB29D841AFB73A9EBD5308F444C2EE545C3A81D676D50CCAD2
                                                                          APIs
                                                                          • __allrem.LIBCMT ref: 6C994753
                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C99476F
                                                                          • __allrem.LIBCMT ref: 6C994786
                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C9947A4
                                                                          • __allrem.LIBCMT ref: 6C9947BB
                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C9947D9
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                          • String ID:
                                                                          • API String ID: 1992179935-0
                                                                          • Opcode ID: 9968afd9a23b458ccc1eb5ffa967eb0e5dbc219d595ab06ac88904a12ec3ed6a
                                                                          • Instruction ID: 3f167a7c47b27bd1871a64a5fabfe9b5cbc325e2b5887d4e0a065e40ff51d656
                                                                          • Opcode Fuzzy Hash: 9968afd9a23b458ccc1eb5ffa967eb0e5dbc219d595ab06ac88904a12ec3ed6a
                                                                          • Instruction Fuzzy Hash: 98810971A01746ABE7119E69CC40B9A73E9EF65728F284629E421D7F80EB70D5058F90
                                                                          APIs
                                                                            • Part of subcall function 6C9D195A: ShowWindow.USER32(00000000,?,00000000,?,6C9D33C9,0000560D,?,?,?,6C9D3E17,00005602,0000001E), ref: 6C9D196D
                                                                            • Part of subcall function 6C9D1999: ShowWindow.USER32(00000000,?,00000005,?,6C9D33E4,0000560D,?,6C9FD7E0,00000000), ref: 6C9D19AC
                                                                          • GetDlgItem.USER32(0000560D,0000014B), ref: 6C9D33FA
                                                                          • SendMessageA.USER32(00000000,?,6C9FD7E0,00000000), ref: 6C9D3403
                                                                          • GetDlgItem.USER32(0000560D), ref: 6C9D3420
                                                                          • SendMessageA.USER32(00000000,00000143,00000000,024589E9), ref: 6C9D3439
                                                                          • GetDlgItem.USER32(0000560D), ref: 6C9D345F
                                                                          • SendMessageA.USER32(00000000,0000014E,00000000,00000000), ref: 6C9D3474
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164606236.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164577047.000000006C9D0000.00000002.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164639828.000000006C9ED000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164670106.000000006C9F5000.00000008.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9F9000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9FC000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA00000.00000040.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA27000.00000040.00000001.01000000.00000009.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: ItemMessageSend$ShowWindow
                                                                          • String ID:
                                                                          APIs
                                                                          • CreateFileW.KERNEL32(000B0BA8,80000000,00000001,00000000,00000003,00000080,00000000,?,?,?,?,?,?,?,?,6CE93434), ref: 6CE93111
                                                                          • SetFilePointerEx.KERNEL32(000000FF,?,?,00000000,00000000,?,?,?,?,?,?,?,?,6CE93434,6CE9101B), ref: 6CE93139
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164858981.000000006CE91000.00000040.00000001.01000000.0000000C.sdmp, Offset: 6CE90000, based on PE: true
                                                                          Similarity
                                                                          • API ID: File$CreatePointer
                                                                          • String ID:
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          Similarity
                                                                          • API ID: dllmain_raw$dllmain_crt_dispatch
                                                                          • String ID:
                                                                          APIs
                                                                          • lstrlen.KERNEL32(02459235), ref: 6C9D4D10
                                                                          • lstrlen.KERNEL32(0245921F), ref: 6C9D4D25
                                                                            • Part of subcall function 6C9D2382: LoadLibraryA.KERNEL32(02459235,?,?,?,?,?,6C9D4D45), ref: 6C9D2398
                                                                          • DialogBoxParamA.USER32(REMOTEDLG,6C9D2447,00000000), ref: 6C9D4D64
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164606236.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          Similarity
                                                                          • API ID: lstrlen$DialogLibraryLoadParam
                                                                          • String ID: REMOTEDLG
                                                                          APIs
                                                                          • GetModuleHandleA.KERNEL32(00000000,00000000,?,6C9D2C2A,00000000,00000000,?), ref: 6C9D1A53
                                                                          • CreateWindowExA.USER32(00000000,tooltips_class32,00000000,80000042,80000000,80000000,80000000,80000000,00000000,00000000,00000000), ref: 6C9D1A71
                                                                          • SetWindowPos.USER32(00000000,000000FF,00000000,00000000,00000000,00000000,00000013), ref: 6C9D1A85
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164606236.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          Similarity
                                                                          • API ID: Window$CreateHandleModule
                                                                          • String ID: tooltips_class32
                                                                          APIs
                                                                          • GetCurrentThreadId.KERNEL32 ref: 6CE99C1F
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164882381.000000006CE94000.00000080.00000001.01000000.0000000C.sdmp, Offset: 6CE90000, based on PE: true
                                                                          Similarity
                                                                          • API ID: CurrentThread
                                                                          • String ID:
                                                                          APIs
                                                                          • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,00000000,?,00000000,?,?,?,?,?,00001000), ref: 6C961277
                                                                          • SetFilePointer.KERNEL32(00000000,000A5A5A,00000000,00000000,?,?,?,?,?,00001000), ref: 6C961287
                                                                          • ReadFile.KERNEL32(00000000,?,00002458,?,00000000,?,?,?,?,?,00001000), ref: 6C96129A
                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00001000), ref: 6C9612A1
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          Similarity
                                                                          • API ID: File$CloseCreateHandlePointerRead
                                                                          • String ID:
                                                                          APIs
                                                                            • Part of subcall function 6C967AE0: GetProcAddress.KERNEL32(00000000,CM_Get_Parent), ref: 6C967B0B
                                                                            • Part of subcall function 6C967AE0: GetProcAddress.KERNEL32(00000000,CM_Get_ParentA), ref: 6C967B1C
                                                                            • Part of subcall function 6C967AE0: GetProcAddress.KERNEL32(00000000,CM_Get_ParentW), ref: 6C967B2D
                                                                            • Part of subcall function 6C967AE0: GetProcAddress.KERNEL32(00000000,CM_Get_Child), ref: 6C967B48
                                                                            • Part of subcall function 6C967AE0: GetProcAddress.KERNEL32(00000000,CM_Get_ChildA), ref: 6C967B59
                                                                            • Part of subcall function 6C967AE0: GetProcAddress.KERNEL32(00000000,CM_Get_ChildW), ref: 6C967B6A
                                                                            • Part of subcall function 6C967AE0: GetProcAddress.KERNEL32(00000000,RegQueryValueExA), ref: 6C967B9B
                                                                            • Part of subcall function 6C967AE0: GetProcAddress.KERNEL32(00000000,RegQueryValueExAA), ref: 6C967BAC
                                                                            • Part of subcall function 6C967AE0: GetProcAddress.KERNEL32(00000000,RegQueryValueExAW), ref: 6C967BBD
                                                                            • Part of subcall function 6C967AE0: GetProcAddress.KERNEL32(00000000,RegCloseKey), ref: 6C967BD8
                                                                            • Part of subcall function 6C967AE0: GetProcAddress.KERNEL32(00000000,RegCloseKeyA), ref: 6C967BE9
                                                                            • Part of subcall function 6C967AE0: GetProcAddress.KERNEL32(00000000,RegCloseKeyW), ref: 6C967BFA
                                                                          • InitializeCriticalSection.KERNEL32(6C9C9FCC,00000000,6C966E8A,6C9CA038), ref: 6C968C4B
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          Similarity
                                                                          • API ID: AddressProc$CriticalInitializeSection
                                                                          • String ID: could not resolve DLL functions$error initializing %s backend$winusb_init
                                                                          APIs
                                                                            • Part of subcall function 6C99E9B0: HeapFree.KERNEL32(00000000,00000000,?,6C9A6E29,?,00000000,?,?,6C9A6E4E,?,00000007,?,?,6C9A6AFE,?,?), ref: 6C99E9C6
                                                                            • Part of subcall function 6C99E9B0: GetLastError.KERNEL32(?,?,6C9A6E29,?,00000000,?,?,6C9A6E4E,?,00000007,?,?,6C9A6AFE,?,?), ref: 6C99E9D1
                                                                          • GetTimeZoneInformation.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,6C9A12AA,00000000,00000000,00000000), ref: 6C9A1169
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          Similarity
                                                                          • API ID: ErrorFreeHeapInformationLastTimeZone
                                                                          • String ID: Eastern Standard Time$Eastern Summer Time
                                                                          APIs
                                                                          • __EH_prolog3_GS.LIBCMT ref: 6C9D31C9
                                                                            • Part of subcall function 6C9D15B6: _strlen.LIBCMT ref: 6C9D15CD
                                                                            • Part of subcall function 6C9D189C: SetDlgItemTextA.USER32(000003F3,6C9D3CD9), ref: 6C9D18B4
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164606236.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          Similarity
                                                                          • API ID: H_prolog3_ItemText_strlen
                                                                          • String ID: %s-%s$N/A
                                                                          • API String ID: 3336728777-224051775
                                                                          APIs
                                                                          • CreateThread.KERNEL32(?,?,Function_00038354,00000000,?,?), ref: 6C9984F9
                                                                          • GetLastError.KERNEL32 ref: 6C998505
                                                                          • __dosmaperr.LIBCMT ref: 6C99850C
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: CreateErrorLastThread__dosmaperr
                                                                          • String ID:
                                                                          • API String ID: 2744730728-0
                                                                          APIs
                                                                            • Part of subcall function 6C99EEA5: GetLastError.KERNEL32(00000000,00000000,6C9958B4,6C9A3448,?,6C99EF99,00000001,00000364,00000008,000000FF,6C961642,00000000,?,6C991C9F,00000000,89044689), ref: 6C99EEA9
                                                                            • Part of subcall function 6C99EEA5: SetLastError.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,6C9619E5,6C961642,?,6C961642,?,6C961335), ref: 6C99EF4B
                                                                          • CloseHandle.KERNEL32(?,?,?,6C998540,?,?,6C9983B2,00000000), ref: 6C99843A
                                                                          • FreeLibraryAndExitThread.KERNEL32(?,?,?,?,6C998540,?,?,6C9983B2,00000000), ref: 6C998450
                                                                          • ExitThread.KERNEL32 ref: 6C998459
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorExitLastThread$CloseFreeHandleLibrary
                                                                          • String ID:
                                                                          • API String ID: 1991824761-0
                                                                          APIs
                                                                          • EnterCriticalSection.KERNEL32(?,?,?,6C96B1BF,00000000), ref: 6C968633
                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,6C96B1BF,00000000), ref: 6C968660
                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,6C96B1BF,00000000), ref: 6C96866E
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalSection$Leave$Enter
                                                                          • String ID:
                                                                          • API String ID: 2978645861-0
                                                                          APIs
                                                                            • Part of subcall function 6C994D0C: GetConsoleOutputCP.KERNEL32(7661A3ED,00000000,00000000,?), ref: 6C994D6F
                                                                          • WriteFile.KERNEL32(?,00000000,00001000,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 6C99577B
                                                                          • GetLastError.KERNEL32 ref: 6C995785
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: ConsoleErrorFileLastOutputWrite
                                                                          • String ID:
                                                                          • API String ID: 2915228174-0
                                                                          APIs
                                                                          • VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 6CE9109E
                                                                          • VirtualProtect.KERNEL32(?,?,?,?), ref: 6CE9115C
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164858981.000000006CE91000.00000040.00000001.01000000.0000000C.sdmp, Offset: 6CE90000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6ce90000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: Virtual$AllocProtect
                                                                          • String ID:
                                                                          • API String ID: 2447062925-0
                                                                          APIs
                                                                          • __EH_prolog3_GS.LIBCMT ref: 6C9D38C0
                                                                            • Part of subcall function 6C9D195A: ShowWindow.USER32(00000000,?,00000000,?,6C9D33C9,0000560D,?,?,?,6C9D3E17,00005602,0000001E), ref: 6C9D196D
                                                                          • GetDlgItem.USER32(00000000,00000000), ref: 6C9D3A24
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164606236.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: H_prolog3_ItemShowWindow
                                                                          • String ID:
                                                                          • API String ID: 2355008015-0
                                                                          APIs
                                                                          • GetUserDefaultUILanguage.KERNEL32(00000000,6CE9EA37,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,6CE9EABE,00000000,?,00000105), ref: 6CE9E9C9
                                                                          • GetSystemDefaultUILanguage.KERNEL32(00000000,6CE9EA37,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,6CE9EABE,00000000,?,00000105), ref: 6CE9E9F1
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164882381.000000006CE94000.00000080.00000001.01000000.0000000C.sdmp, Offset: 6CE90000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6ce90000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: DefaultLanguage$SystemUser
                                                                          • String ID:
                                                                          • API String ID: 384301227-0
                                                                          APIs
                                                                          • WriteFile.KERNEL32(?,?,?,?,00000000,00000000,00000000,?,?,6C995761,?,?,00000000,00001000,00000000,00000000), ref: 6C995254
                                                                          • GetLastError.KERNEL32(?,6C995761,?,?,00000000,00001000,00000000,00000000,?,?,?,?,?,?,?,?), ref: 6C99527A
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorFileLastWrite
                                                                          • String ID:
                                                                          • API String ID: 442123175-0
                                                                          APIs
                                                                          • GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,6CE9EB00,?,6CE90000,6CF77C24), ref: 6CE9EA80
                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000002,00000000,?,00000105,00000000,6CE9EB00,?,6CE90000,6CF77C24), ref: 6CE9EAD1
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164882381.000000006CE94000.00000080.00000001.01000000.0000000C.sdmp, Offset: 6CE90000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6ce90000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: FileLibraryLoadModuleName
                                                                          • String ID:
                                                                          • API String ID: 1159719554-0
                                                                          APIs
                                                                          • GetLastError.KERNEL32(6C9C5740,0000000C), ref: 6C998367
                                                                          • ExitThread.KERNEL32 ref: 6C99836E
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          APIs
                                                                          • SetErrorMode.KERNEL32 ref: 6CEBC3C6
                                                                          • LoadLibraryW.KERNEL32(00000000,00000000,6CEBC412,?,00000000,6CEBC432), ref: 6CEBC3F5
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164882381.000000006CE94000.00000080.00000001.01000000.0000000C.sdmp, Offset: 6CE90000, based on PE: true
                                                                          APIs
                                                                          • GetDlgItem.USER32(?), ref: 6C9D16EB
                                                                          • KiUserCallbackDispatcher.NTDLL(00000000,?), ref: 6C9D16F3
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164606236.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          APIs
                                                                          • FreeLibrary.KERNEL32(00000000), ref: 6C96C39D
                                                                          • FreeLibrary.KERNEL32(00000000), ref: 6C96C3B0
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          APIs
                                                                          • DisableThreadLibraryCalls.KERNEL32(?,?,6C98E61E,?,00000001,00000000,?,00000001,00000000,?,00000001,00000000,6C9C5490,0000000C,00000007,6C9C5468), ref: 6C9611DC
                                                                          • CreateThread.KERNEL32(00000000,00000000,6C961622,00000000,00000000,00000000), ref: 6C9611EE
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          APIs
                                                                          • GetDlgItem.USER32(?,?), ref: 6C9D1916
                                                                          • KiUserCallbackDispatcher.NTDLL(00000000), ref: 6C9D191D
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164606236.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          APIs
                                                                          • GetModuleFileNameW.KERNEL32(6CE90000,00000000,03044FC9,00000000,6CF6DCA3,?,?,03044FC8,00000001), ref: 6CF6DC2F
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164882381.000000006CE94000.00000080.00000001.01000000.0000000C.sdmp, Offset: 6CE90000, based on PE: true
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          APIs
                                                                          • LoadTypeLibEx.OLEAUT32(00000000,00000002,00000000), ref: 6CF6DD4A
                                                                            • Part of subcall function 6CE9A260: SysFreeString.OLEAUT32(?), ref: 6CE9A26E
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164882381.000000006CE94000.00000080.00000001.01000000.0000000C.sdmp, Offset: 6CE90000, based on PE: true
                                                                          APIs
                                                                          • GetModuleFileNameW.KERNEL32(6CE90000,?,00000105), ref: 6CE9D7AE
                                                                            • Part of subcall function 6CE9EA44: GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,6CE9EB00,?,6CE90000,6CF77C24), ref: 6CE9EA80
                                                                            • Part of subcall function 6CE9EA44: LoadLibraryExW.KERNEL32(00000000,00000000,00000002,00000000,?,00000105,00000000,6CE9EB00,?,6CE90000,6CF77C24), ref: 6CE9EAD1
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164882381.000000006CE94000.00000080.00000001.01000000.0000000C.sdmp, Offset: 6CE90000, based on PE: true
                                                                          APIs
                                                                          • GetFileAttributesW.KERNEL32(6CE933C8,?,?,6CE933C8,?), ref: 6CE931A9
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164858981.000000006CE91000.00000040.00000001.01000000.0000000C.sdmp, Offset: 6CE90000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6ce90000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: AttributesFile
                                                                          • String ID:
                                                                          • API String ID: 3188754299-0
                                                                          • Opcode ID: 8995789e999a86265736a61bc07e58fa5ee5eae334195c99d1b69f2c638a264b
                                                                          • Instruction ID: c09ff068b6e49899abe2d03856a23ad2e6a58db8fe0aa79b501eb03ad817d703
                                                                          • Opcode Fuzzy Hash: 8995789e999a86265736a61bc07e58fa5ee5eae334195c99d1b69f2c638a264b
                                                                          • Instruction Fuzzy Hash: 65F015B1C08218EFEF009FA9D9096ACBBB0FB10318F208699D424A66A0E7715A458B44
                                                                          APIs
                                                                          • SetDlgItemTextA.USER32(000003F3,6C9D3CD9), ref: 6C9D18B4
                                                                            • Part of subcall function 6C9D111E: _Deallocate.LIBCONCRT ref: 6C9D112D
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164606236.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: DeallocateItemText
                                                                          • String ID:
                                                                          • API String ID: 3295671248-0
                                                                          • Opcode ID: ddced73203507e9910fb926cf23a8c3457190ed58808e550467b6c0011809c7b
                                                                          • Instruction ID: 89b6978cd2042c7356aab8ab7eed6b82373980738581203d4d82eb1f7f1cc14b
                                                                          • Opcode Fuzzy Hash: ddced73203507e9910fb926cf23a8c3457190ed58808e550467b6c0011809c7b
                                                                          • Instruction Fuzzy Hash: D3D06C3220450DEBCF059E84E840CE937B8AB29324BA0C125BA294A521D731E6A4DB50
                                                                          APIs
                                                                          • SetWindowTextA.USER32(6C9D3E06), ref: 6C9D19EE
                                                                            • Part of subcall function 6C9D111E: _Deallocate.LIBCONCRT ref: 6C9D112D
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164606236.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: DeallocateTextWindow
                                                                          • String ID:
                                                                          • API String ID: 2658318031-0
                                                                          • Opcode ID: d151ebf8386fe3ea0a26d511638ae8817c6badc70aa06eda8afb6b5f44c340a9
                                                                          • Instruction ID: f1fa6803dfbe80e0ae15ca872fa42f8f5ddb2eaec1932f84bdb0aacfb0724cb3
                                                                          • Opcode Fuzzy Hash: d151ebf8386fe3ea0a26d511638ae8817c6badc70aa06eda8afb6b5f44c340a9
                                                                          • Instruction Fuzzy Hash: D8D0923220450DEBDB04DE55E8408A93BB8AB25340B908025A9194A521D731E7A9DF90
                                                                          APIs
                                                                            • Part of subcall function 6C9D17F3: GetDlgItem.USER32(00050056,?), ref: 6C9D17FF
                                                                          • ShowWindow.USER32(00000000,?,00000005,?,6C9D33E4,0000560D,?,6C9FD7E0,00000000), ref: 6C9D19AC
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164606236.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: ItemShowWindow
                                                                          • String ID:
                                                                          • API String ID: 3351165006-0
                                                                          • Opcode ID: 7451eacb9ddbf08c6b649a7edba34e445133e892dfad639ce4d3a332a8720ae2
                                                                          • Instruction ID: 3179905c17034517c8787231967b9a37c5441bb05ef564d22d6ab6f1cf95bf33
                                                                          • Opcode Fuzzy Hash: 7451eacb9ddbf08c6b649a7edba34e445133e892dfad639ce4d3a332a8720ae2
                                                                          • Instruction Fuzzy Hash: 61C02B7310070873CB002AA1DC0DD477A1DAB7BB60F008000F400197509E33E1109662
                                                                          APIs
                                                                            • Part of subcall function 6C9D17F3: GetDlgItem.USER32(00050056,?), ref: 6C9D17FF
                                                                          • ShowWindow.USER32(00000000,?,00000000,?,6C9D33C9,0000560D,?,?,?,6C9D3E17,00005602,0000001E), ref: 6C9D196D
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164606236.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: ItemShowWindow
                                                                          • String ID:
                                                                          • API String ID: 3351165006-0
                                                                          • Opcode ID: 0ffc8631d2ffa789ba46ae3cb2ae9abaf839dec86fd24f605f3698a6d5408d41
                                                                          • Instruction ID: e765e1a75eb0307cd6229921c78bdb2f95b84624fcc622673191fb7cc6acf13d
                                                                          • Opcode Fuzzy Hash: 0ffc8631d2ffa789ba46ae3cb2ae9abaf839dec86fd24f605f3698a6d5408d41
                                                                          • Instruction Fuzzy Hash: 63C09BB314470877DB041AA1DC05F567A1D9B7BA60F508011F515597518E73F5109566
                                                                          APIs
                                                                          • SetDlgItemInt.USER32(000055F6,?,00000000), ref: 6C9D1892
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164606236.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: Item
                                                                          • String ID:
                                                                          • API String ID: 3207170592-0
                                                                          • Opcode ID: d97920d07e760e01979f1829677cb84b63f9e968810f6fef49210ba874583d48
                                                                          • Instruction ID: 21287335dfdf3c53174d597d1de0a7029228cf00257c784a9570eb6542ccef20
                                                                          • Opcode Fuzzy Hash: d97920d07e760e01979f1829677cb84b63f9e968810f6fef49210ba874583d48
                                                                          • Instruction Fuzzy Hash: 56C04C3714420CFBCF415E81FC05F897F79EB59761F208011F6140816086725660AB54
                                                                          APIs
                                                                          • FromBlockLayers.LIB_HELP ref: 6C961622
                                                                            • Part of subcall function 6C9612B8: caerDeviceOpen.LIB_HELP(00000001,00000004,00000000,00000000,00000000), ref: 6C9612EC
                                                                            • Part of subcall function 6C9612B8: caerDeviceConfigSet.LIB_HELP(00000000,000000FE,00000001,00000001), ref: 6C9612FF
                                                                            • Part of subcall function 6C9612B8: caerDeviceDataGet.LIB_HELP(?), ref: 6C961317
                                                                            • Part of subcall function 6C9612B8: caerDeviceClose.LIB_HELP(?), ref: 6C961326
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: Devicecaer$BlockCloseConfigDataFromLayersOpen
                                                                          • String ID: 32 bit float mono audio$FilesystemDialogsCOM.dll$fppdes9.dll
                                                                          • API String ID: 2564617508-1439629591
                                                                          • Opcode ID: 0e8a1d7e054561d0955c9c065d84df3b2f76bb5e033efcc96a056799e67dd64e
                                                                          • Instruction ID: 0b8e940ce7c4a1762ca603240d3a48e960a9cbcf45fe34c3902dfcb67765b138
                                                                          • Opcode Fuzzy Hash: 0e8a1d7e054561d0955c9c065d84df3b2f76bb5e033efcc96a056799e67dd64e
                                                                          • Instruction Fuzzy Hash:
                                                                          APIs
                                                                          • VirtualAlloc.KERNEL32(00000000,0013FFF0,00001000,00000004,?,?,6CE95C17,?,6CE9E6D3,00000000,?,?,6CE9E66C,00000000,6CE9E691), ref: 6CE95613
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164882381.000000006CE94000.00000080.00000001.01000000.0000000C.sdmp, Offset: 6CE90000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6ce90000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: AllocVirtual
                                                                          • String ID:
                                                                          • API String ID: 4275171209-0
                                                                          • Opcode ID: c216a289624d1fc1bfc7f380ef945dae21114090166aae9d1f384ba78f626dea
                                                                          • Instruction ID: 3b9f6b9338c6be6884e5488ce01d140e8519154ff6960c64491fe10dffb3093f
                                                                          • Opcode Fuzzy Hash: c216a289624d1fc1bfc7f380ef945dae21114090166aae9d1f384ba78f626dea
                                                                          • Instruction Fuzzy Hash: 48F081F2F112114BFF59EF7899517427BE4A70A396F21423EE908EBB84D6B088018790
                                                                          APIs
                                                                            • Part of subcall function 6C9663F0: GetSystemDirectoryA.KERNEL32(00000104,00000104), ref: 6C966415
                                                                          • GetProcAddress.KERNEL32(00000000,WinUsb_AbortPipe), ref: 6C96BDC4
                                                                          • GetProcAddress.KERNEL32(00000000,WinUsb_ControlTransfer), ref: 6C96BDE7
                                                                          • FreeLibrary.KERNEL32(00000000), ref: 6C96C061
                                                                          • GetProcAddress.KERNEL32(00000000,LibK_GetVersion), ref: 6C96C0A8
                                                                          • GetProcAddress.KERNEL32(?,LibK_GetProcAddress), ref: 6C96C102
                                                                          • FreeLibrary.KERNEL32(?), ref: 6C96C319
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: AddressProc$FreeLibrary$DirectorySystem
                                                                          • String ID: AbortPipe$ControlTransfer$FlushPipe$Free$GetAssociatedInterface$GetPipePolicy$GetProcAddress() failed for WinUsb_%s$Initialize$IsoWritePipe$LibK_GetProcAddress$LibK_GetProcAddress() failed for LibK_%s$LibK_GetProcAddress() not found in libusbK DLL$LibK_GetVersion$QueryPipeEx$ReadPipe$RegisterIsochBuffer$ResetPipe$SetCurrentAlternateSetting$SetPipePolicy$UnregisterIsochBuffer$WinUSB$WinUSB DLL available (%s isoch support)$WinUSB DLL is not available$WinUsb_AbortPipe$WinUsb_ControlTransfer$WinUsb_FlushPipe$WinUsb_Free$WinUsb_GetAssociatedInterface$WinUsb_GetPipePolicy$WinUsb_Initialize$WinUsb_QueryPipeEx$WinUsb_ReadIsochPipeAsap$WinUsb_ReadPipe$WinUsb_RegisterIsochBuffer$WinUsb_ResetPipe$WinUsb_SetCurrentAlternateSetting$WinUsb_SetPipePolicy$WinUsb_UnregisterIsochBuffer$WinUsb_WriteIsochPipeAsap$WinUsb_WritePipe$WriteIsochPipeAsap$WritePipe$failed to initialize WinUSB$failed to initialize libusbK$libusbK$libusbK DLL found, version unknown$libusbK DLL found, version: %d.%d.%d.%d$libusbK DLL is not available$neither WinUSB nor libusbK DLLs were found, you will not be able to access devices outside of enumeration$winusbx_init$with
                                                                          • API String ID: 3567866675-677582175
                                                                          • Opcode ID: 8fcead80c6082731142bd5587e38612b29db4c01a7c2b5caa6b1000845fefb96
                                                                          • Instruction ID: c753fc13969368d10a4e36f94bb9d9b8c477e078822510fd631a7747d52f613e
                                                                          • Opcode Fuzzy Hash: 8fcead80c6082731142bd5587e38612b29db4c01a7c2b5caa6b1000845fefb96
                                                                          • Instruction Fuzzy Hash: 49F1D571748301EBEF10AF568C41F5B76B9AB9A308F10051AF945ABEC1DB34CA45CB9B
                                                                          APIs
                                                                            • Part of subcall function 6C9663F0: GetSystemDirectoryA.KERNEL32(00000104,00000104), ref: 6C966415
                                                                          • GetProcAddress.KERNEL32(00000000,UsbDk_GetDevicesList), ref: 6C970638
                                                                          • FreeLibrary.KERNEL32 ref: 6C97098C
                                                                            • Part of subcall function 6C966300: GetLastError.KERNEL32(00000000,?,00000000,6C96628E,?,00000064,00000000,?,?), ref: 6C966309
                                                                            • Part of subcall function 6C966300: FormatMessageA.KERNEL32(00001200,00000000,00000000,00000400,6C9C9D50,00000100,00000000,00000000,?,?), ref: 6C96636E
                                                                            • Part of subcall function 6C966300: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000006,6C962194,?,00000084), ref: 6C966378
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLast$AddressDirectoryFormatFreeLibraryMessageProcSystem
                                                                          • String ID: Failed to load UsbDkHelper.dll: %s$UsbDkHelper$UsbDkHelper API %s not found: %s$UsbDk_AbortPipe$UsbDk_GetConfigurationDescriptor$UsbDk_GetDevicesList$UsbDk_GetRedirectorSystemHandle$UsbDk_ReadPipe$UsbDk_ReleaseConfigurationDescriptor$UsbDk_ReleaseDevicesList$UsbDk_ResetDevice$UsbDk_ResetPipe$UsbDk_SetAltsetting$UsbDk_StartRedirect$UsbDk_StopRedirect$UsbDk_WritePipe$get_usbdk_proc_addr$load_usbdk_helper_dll
                                                                          APIs
                                                                          • GetVersionExA.KERNEL32(?), ref: 6C9667C4
                                                                          • GetVersionExA.KERNEL32(00000094), ref: 6C9667EA
                                                                          • VerSetConditionMask.KERNEL32(00000000,00000000,00000002,00000001), ref: 6C96681F
                                                                          • VerifyVersionInfoA.KERNEL32(0000009C,00000002,00000000,?), ref: 6C966878
                                                                          • VerSetConditionMask.KERNEL32(00000000,00000000,00000001,00000001), ref: 6C9668A3
                                                                          • VerifyVersionInfoA.KERNEL32(0000009C,00000001,00000000,?), ref: 6C9668F8
                                                                          • GetCurrentProcess.KERNEL32(?), ref: 6C966A46
                                                                          • IsWow64Process.KERNEL32(00000000), ref: 6C966A4D
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: Version$ConditionInfoMaskProcessVerify$CurrentWow64
                                                                          • String ID: 12 or later$2000$2003$2008$2008_R2$2012$2012_R2$2016$2022$32-bit$64-bit$8 (or later)$8.1$Vista$Windows %s %s$Windows %s SP%u %s$Windows %s SP%u.%u %s$get_windows_version
                                                                          APIs
                                                                          • CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000003,40000000,00000000), ref: 6C96EEE5
                                                                          • CreateIoCompletionPort.KERNEL32(00000000,?,?,00000000,?,C0000000,00000003,00000000,00000003,40000000,00000000), ref: 6C96EF04
                                                                          • CloseHandle.KERNEL32(00000000), ref: 6C96EF33
                                                                          • CreateFileA.KERNEL32(?,00000000,00000003,00000000,00000003,40000000,00000000), ref: 6C96EF6E
                                                                          • CreateIoCompletionPort.KERNEL32(00000000,?,?,00000000), ref: 6C96EF91
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: Create$CompletionFilePort$CloseHandle
                                                                          • String ID: Report ID: 0x%02X$ could not process %s report IDs$%lu HID %s report value(s) found$could not gain access to HID top collection (HidD_GetAttributes)$could not open HID device in R/W mode (keyboard or mouse?) - trying without$could not open device %s (interface %d): %s$could not parse HID capabilities (HidP_GetCaps)$could not read HID preparsed data (HidD_GetPreparsedData)$failed to associate handle to I/O completion port: %s$hid_open$program assertion failed - private HID structure is uninitialized$program assertion failed - zero and nonzero report IDs used for %s$set maximum input buffer size to %d$windows_open
                                                                          APIs
                                                                          • caerLog.LIB_HELP(00000007,dvs132sOpen,Initializing %s.,DVS132S), ref: 6C974F83
                                                                            • Part of subcall function 6C971B50: caerLogVAFull.LIB_HELP(?,?,?,?,?), ref: 6C971B69
                                                                          • caerLog.LIB_HELP(00000002,dvs132sOpen,Failed to allocate memory for device handle.), ref: 6C974FA9
                                                                          • caerLogLevelGet.LIB_HELP ref: 6C974FFE
                                                                          Strings
                                                                          • Unable to submit libusb transfer %zu (debug channel). Error: %s (%d)., xrefs: 6C975468
                                                                          • Failed to generate USB information string., xrefs: 6C975102
                                                                          • Unable to allocate any libusb transfers (debug channel)., xrefs: 6C97549B
                                                                          • DVS132S ID-%hu SN-%s [%hhu:%hhu], xrefs: 6C975150
                                                                          • DVS132S, xrefs: 6C974F6C, 6C97501D
                                                                          • Initialized device successfully with USB Bus=%hhu:Addr=%hhu., xrefs: 6C9754B5
                                                                          • DVS Size X: %d, Size Y: %d, Invert: %d., xrefs: 6C975334
                                                                          • Failed to open device, no matching device could be found or opened., xrefs: 6C97508F
                                                                          • %s %hu, xrefs: 6C975022
                                                                          • IMU Flip X: %d, Flip Y: %d, Flip Z: %d., xrefs: 6C975377
                                                                          • @, xrefs: 6C974FD5
                                                                          • Unable to allocate further libusb transfers (debug channel, %zu of %u)., xrefs: 6C9753B0
                                                                          • Failed to open device, see above log message for more information (errno=%d)., xrefs: 6C9750C4
                                                                          • Clock frequencies: LOGIC %f, USB %f., xrefs: 6C9752BC
                                                                          • Initializing %s., xrefs: 6C974F71
                                                                          • Failed to allocate memory for device handle., xrefs: 6C974F9D
                                                                          • Unable to allocate buffer for libusb transfer %zu (debug channel). Error: %d., xrefs: 6C9753EB
                                                                          • dvs132sOpen, xrefs: 6C974F76, 6C974FA2
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer$FullLevel
                                                                          • String ID: %s %hu$@$Clock frequencies: LOGIC %f, USB %f.$DVS Size X: %d, Size Y: %d, Invert: %d.$DVS132S$DVS132S ID-%hu SN-%s [%hhu:%hhu]$Failed to allocate memory for device handle.$Failed to generate USB information string.$Failed to open device, no matching device could be found or opened.$Failed to open device, see above log message for more information (errno=%d).$IMU Flip X: %d, Flip Y: %d, Flip Z: %d.$Initialized device successfully with USB Bus=%hhu:Addr=%hhu.$Initializing %s.$Unable to allocate any libusb transfers (debug channel).$Unable to allocate buffer for libusb transfer %zu (debug channel). Error: %d.$Unable to allocate further libusb transfers (debug channel, %zu of %u).$Unable to submit libusb transfer %zu (debug channel). Error: %s (%d).$dvs132sOpen
                                                                          APIs
                                                                          • GetLastError.KERNEL32 ref: 6C96CA95
                                                                          • GetLastError.KERNEL32 ref: 6C96CBA0
                                                                          • ___from_strstr_to_strchr.LIBCMT ref: 6C96CC26
                                                                          • CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000003,40000000,00000000), ref: 6C96CC7F
                                                                          • CreateIoCompletionPort.KERNEL32(00000000,?,?,00000000), ref: 6C96CC99
                                                                          • CloseHandle.KERNEL32(00000000), ref: 6C96CCC1
                                                                          • CloseHandle.KERNEL32(?), ref: 6C96CD15
                                                                          • CloseHandle.KERNEL32(00000000), ref: 6C96CD4C
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: CloseHandle$CreateErrorLast$CompletionFilePort___from_strstr_to_strchr
                                                                          • String ID: auto-claimed interface %u (required to claim %u with WinUSB)$claimed interface %u$could not access interface %u: %s$could not claim interface %u: %s$could not initialize filter driver for %s$could not open device %s: %s$failed to associate handle to I/O completion port: %s$failed to auto-claim interface %u (required to claim %u with WinUSB): %s$invalid associated index. iface=%u, initialized iface=%u$windows_open$winusbx_claim_interface
                                                                          APIs
                                                                          • caerLog.LIB_HELP(00000002,Polarity Event,Called caerPolarityEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.,?,?), ref: 6C97438D
                                                                          • caerLog.LIB_HELP(00000002,Polarity Event,Called caerPolarityEventSetTimestamp() with negative value!), ref: 6C9743AD
                                                                          • caerLog.LIB_HELP(00000002,Polarity Event,Called caerPolarityEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.,?,?), ref: 6C974473
                                                                          • caerLog.LIB_HELP(00000002,Polarity Event,Called caerPolarityEventSetTimestamp() with negative value!), ref: 6C974493
                                                                          • caerLog.LIB_HELP(00000002,Polarity Event,Called caerPolarityEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.,?,?), ref: 6C974562
                                                                          • caerLog.LIB_HELP(00000002,Polarity Event,Called caerPolarityEventSetTimestamp() with negative value!), ref: 6C974582
                                                                          • caerLog.LIB_HELP(00000002,Polarity Event,Called caerPolarityEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.,?,?), ref: 6C974651
                                                                          • caerLog.LIB_HELP(00000002,Polarity Event,Called caerPolarityEventSetTimestamp() with negative value!), ref: 6C974671
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer
                                                                          • String ID: Called caerPolarityEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.$Called caerPolarityEventSetTimestamp() with negative value!$Failed to allocate polarity event packet.$Polarity Event
                                                                          APIs
                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C970C07
                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 6C970C39
                                                                          Strings
                                                                          • cannot append new device to list, xrefs: 6C970F72
                                                                          • failed to retrieve configuration descriptors, xrefs: 6C970F09
                                                                          • usbdk_cache_config_descriptors, xrefs: 6C970E34, 6C970F0E
                                                                          • failed to allocate a new device structure, xrefs: 6C970C73
                                                                          • usbdk_get_device_list, xrefs: 6C970C78, 6C970F77
                                                                          • usbdk_get_session_id_for_device, xrefs: 6C970BDD
                                                                          • failed to allocate configuration descriptors holder, xrefs: 6C970E2F
                                                                          • cannot form device identity, xrefs: 6C970BD8
                                                                          • %S%S, xrefs: 6C970BBC
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalSection$EnterLeave
                                                                          • String ID: %S%S$cannot append new device to list$cannot form device identity$failed to allocate a new device structure$failed to allocate configuration descriptors holder$failed to retrieve configuration descriptors$usbdk_cache_config_descriptors$usbdk_get_device_list$usbdk_get_session_id_for_device
                                                                          APIs
                                                                          • LoadLibraryA.KERNEL32(02459235,?,?,?,?,?,6C9D4D45), ref: 6C9D2398
                                                                          • FindResourceA.KERNEL32(00000000,?,00000005), ref: 6C9D23CC
                                                                          • LoadResource.KERNEL32(00000000,00000000,?,?,?,?,?,6C9D4D45), ref: 6C9D23EF
                                                                          • LockResource.KERNEL32(00000000,?,?,?,?,?,6C9D4D45), ref: 6C9D2413
                                                                          • DialogBoxIndirectParamA.USER32(00000000,00000000,6C9D2447,00000000), ref: 6C9D2428
                                                                          • FreeResource.KERNEL32(00000000,?,?,?,?,?,6C9D4D45), ref: 6C9D242F
                                                                          • FreeResource.KERNEL32(00000000,?,?,?,?,?,6C9D4D45), ref: 6C9D243A
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164606236.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164577047.000000006C9D0000.00000002.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164639828.000000006C9ED000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164670106.000000006C9F5000.00000008.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9F9000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9FC000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA00000.00000040.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA27000.00000040.00000001.01000000.00000009.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: Resource$FreeLoad$DialogFindIndirectLibraryLockParam
                                                                          • String ID: %s is missing!?$%s resource error!?$%s resource loading error!?
                                                                          • API String ID: 2006123345-913878211
                                                                          • Opcode ID: 7852431a8d7bf1b5db98d5edfae3a5d88cbdd979992f13a3f4f53dfb94cc03ab
                                                                          • Instruction ID: 4678310a3b71aa421c6716ae352d308a285ae92959017e04b7e7b5061c118700
                                                                          • Opcode Fuzzy Hash: 7852431a8d7bf1b5db98d5edfae3a5d88cbdd979992f13a3f4f53dfb94cc03ab
                                                                          • Instruction Fuzzy Hash: 3B11E2B3708900BBDB012A29CC59A5A377CDF9B7A971A8015F801FBB41D621EC0287B2
                                                                          APIs
                                                                          • TlsGetValue.KERNEL32(FFFFFFFF,7661A3ED,?,?,?,?,?,6C9AF08D,000000FF), ref: 6C9ADEF5
                                                                          • GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,?,6C9AF08D,000000FF), ref: 6C9ADF4E
                                                                          • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,6C9AF08D,000000FF), ref: 6C9ADF55
                                                                          • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,6C9AF08D,000000FF), ref: 6C9ADF5E
                                                                          • HeapFree.KERNEL32(00000000,?,?,?,?,?,6C9AF08D,000000FF), ref: 6C9ADF65
                                                                          • TlsSetValue.KERNEL32(FFFFFFFF,00000000), ref: 6C9ADFD3
                                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 6C9ADFEE
                                                                          • HeapFree.KERNEL32(00000000), ref: 6C9ADFF5
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: Heap$FreeProcess$Value
                                                                          • String ID:
                                                                          • API String ID: 3709577838-0
                                                                          • Opcode ID: b48317c77c1bf816fe1912e5f123cd9b5455634f08cbb67f7ed6544c0f9ffedb
                                                                          • Instruction ID: 5a7377591e6d84b5eca9c1ff61885dd39aba43a7620ccaaee019e99f89b4e399
                                                                          • Opcode Fuzzy Hash: b48317c77c1bf816fe1912e5f123cd9b5455634f08cbb67f7ed6544c0f9ffedb
                                                                          • Instruction Fuzzy Hash: 18418272645200EFDB148FA5C988B5777B8FF0A725F244659FD1A9BB80C730E915CBA0
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4160697580.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000008.00000002.4160671373.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160860251.0000000000600000.00000008.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000647000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.000000000064C000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000654000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000676000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000678000.00000040.00000001.01000000.00000005.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_400000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: %G, $%d, $, B-Percentage (%), B-Phase (D)$;B-Order, B-Frequency (Hz), B-RMS $???$???, $fnRMS_B(EU)_Array
                                                                          • API String ID: 0-1060373276
                                                                          • Opcode ID: 969643bec7dee332c34a4f2ba733620b68a653fb8e061bfab8dcafd499237e29
                                                                          • Instruction ID: c5fd685e7737419c47d77ec39747ea3a7093d1a977a4ef334e7a08b0e4be29c0
                                                                          • Opcode Fuzzy Hash: 969643bec7dee332c34a4f2ba733620b68a653fb8e061bfab8dcafd499237e29
                                                                          • Instruction Fuzzy Hash: 41D1E131604B404BC72CDA38D855AABBBD6FBC4320F544B2DF9AB872D5DFB49A09C641
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4160697580.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000008.00000002.4160671373.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160860251.0000000000600000.00000008.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000647000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.000000000064C000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000654000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000676000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000678000.00000040.00000001.01000000.00000005.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_400000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: %G, $%d, $, A-Percentage (%), A-Phase (D)$;A-Order, A-Frequency (Hz), A-RMS $???$???, $fnRMS_A(EU)_Array
                                                                          • API String ID: 0-903677422
                                                                          • Opcode ID: 4088c6b1ce44b0b5be7e3784539145b8ca2d054fe379b224ea5d26329db9c214
                                                                          • Instruction ID: afd90eb5d2061dd4cddbb64a17414b0f36f9e8028ba6c5bb255e700626e59aeb
                                                                          • Opcode Fuzzy Hash: 4088c6b1ce44b0b5be7e3784539145b8ca2d054fe379b224ea5d26329db9c214
                                                                          • Instruction Fuzzy Hash: BCD10331604A404BD72CCA38C855AAFBBD6FBC4320F544B2DF8AB872D5DFB49A09C651
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 43b6e84b6c967f6299410b88d9c35361f4f443aa0a18717f727f8cd859c2bb56
                                                                          • Instruction ID: 7109c010a81737c795bf335c86cf1c071de9db6a41db61d26c18eb3043bdb0d3
                                                                          • Opcode Fuzzy Hash: 43b6e84b6c967f6299410b88d9c35361f4f443aa0a18717f727f8cd859c2bb56
                                                                          • Instruction Fuzzy Hash: 6D024B71E012199BDB14DFA9C8906AEFBF5FF48318F288269E519E7740D731EA41CB90
                                                                          APIs
                                                                          • IsProcessorFeaturePresent.KERNEL32(00000017,00000000), ref: 6C98F1DE
                                                                          • IsDebuggerPresent.KERNEL32 ref: 6C98F2AA
                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 6C98F2C3
                                                                          • UnhandledExceptionFilter.KERNEL32(?), ref: 6C98F2CD
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                          • String ID:
                                                                          • API String ID: 254469556-0
                                                                          • Opcode ID: 94cecdb399a11ef03e209bb2541f73f9d8b698b679980191df8ddac626368e22
                                                                          • Instruction ID: 86c8c0a110f2213cc5628218a7ed19e3c190a19eaeabdde0c020baf6ecf13164
                                                                          • Opcode Fuzzy Hash: 94cecdb399a11ef03e209bb2541f73f9d8b698b679980191df8ddac626368e22
                                                                          • Instruction Fuzzy Hash: 5C31F8B9D06258DBDF10DFA4C949BCDBBB8AF18308F1051AAE40DAB250E7719B85CF45
                                                                          APIs
                                                                          • GetCurrentProcess.KERNEL32(00000000,?,6C9E1B15,00000000,6C9FA1D0,0000000C,6C9E1C5D,00000000,00000002,00000000), ref: 6C9E1B60
                                                                          • TerminateProcess.KERNEL32(00000000,?,6C9E1B15,00000000,6C9FA1D0,0000000C,6C9E1C5D,00000000,00000002,00000000), ref: 6C9E1B67
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164606236.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164577047.000000006C9D0000.00000002.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164639828.000000006C9ED000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164670106.000000006C9F5000.00000008.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9F9000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9FC000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA00000.00000040.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA27000.00000040.00000001.01000000.00000009.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: Process$CurrentTerminate
                                                                          • String ID:
                                                                          • API String ID: 2429186680-0
                                                                          • Opcode ID: 5b303b2acd1599b5bf9ba275ab15d8992b51d56ea839f9e4d736fc1aef0cef11
                                                                          • Instruction ID: 708fe8088cb643225395760675f5509f564fdec9b4e4c87096cfa2e036c748d0
                                                                          • Opcode Fuzzy Hash: 5b303b2acd1599b5bf9ba275ab15d8992b51d56ea839f9e4d736fc1aef0cef11
                                                                          • Instruction Fuzzy Hash: F2E04632104108AFCF46AF50C908E983B79EFBA649F180428F9058AA22DB35DA42CA40
                                                                          Strings
                                                                          • invalid string position, xrefs: 6C9D230C
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164606236.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164577047.000000006C9D0000.00000002.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164639828.000000006C9ED000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164670106.000000006C9F5000.00000008.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9F9000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9FC000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA00000.00000040.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA27000.00000040.00000001.01000000.00000009.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: std::invalid_argument::invalid_argument
                                                                          • String ID: invalid string position
                                                                          • API String ID: 2141394445-1799206989
                                                                          • Opcode ID: 5c0c7b2f8316c85409f50260020f07ea38e22129c6f003f93db785e3c9a4dae2
                                                                          • Instruction ID: 1c7f777a829639be529d61c186afca11ced34e75ad687ab83d75f8b87bf706fc
                                                                          • Opcode Fuzzy Hash: 5c0c7b2f8316c85409f50260020f07ea38e22129c6f003f93db785e3c9a4dae2
                                                                          • Instruction Fuzzy Hash: 7BF05E313059449FD708DF55C448B59B7A8EB49A14F158669A93ADBF90CB31E8018A50
                                                                          APIs
                                                                            • Part of subcall function 6C9663F0: GetSystemDirectoryA.KERNEL32(00000104,00000104), ref: 6C966415
                                                                          • GetProcAddress.KERNEL32(00000000,CM_Get_Parent), ref: 6C967B0B
                                                                          • GetProcAddress.KERNEL32(00000000,CM_Get_ParentA), ref: 6C967B1C
                                                                          • GetProcAddress.KERNEL32(00000000,CM_Get_ParentW), ref: 6C967B2D
                                                                          • GetProcAddress.KERNEL32(00000000,CM_Get_Child), ref: 6C967B48
                                                                          • GetProcAddress.KERNEL32(00000000,CM_Get_ChildA), ref: 6C967B59
                                                                          • GetProcAddress.KERNEL32(00000000,CM_Get_ChildW), ref: 6C967B6A
                                                                          • GetProcAddress.KERNEL32(00000000,RegQueryValueExA), ref: 6C967B9B
                                                                          • GetProcAddress.KERNEL32(00000000,RegQueryValueExAA), ref: 6C967BAC
                                                                          • GetProcAddress.KERNEL32(00000000,RegQueryValueExAW), ref: 6C967BBD
                                                                          • GetProcAddress.KERNEL32(00000000,RegCloseKey), ref: 6C967BD8
                                                                          • GetProcAddress.KERNEL32(00000000,RegCloseKeyA), ref: 6C967BE9
                                                                          • GetProcAddress.KERNEL32(00000000,RegCloseKeyW), ref: 6C967BFA
                                                                          • GetProcAddress.KERNEL32(00000000,SetupDiGetClassDevsA), ref: 6C967C2B
                                                                          • GetProcAddress.KERNEL32(00000000,SetupDiGetClassDevsAA), ref: 6C967C3C
                                                                          • GetProcAddress.KERNEL32(00000000,SetupDiGetClassDevsAW), ref: 6C967C4D
                                                                          • GetProcAddress.KERNEL32(00000000,SetupDiEnumDeviceInfo), ref: 6C967C68
                                                                          • GetProcAddress.KERNEL32(00000000,SetupDiEnumDeviceInfoA), ref: 6C967C79
                                                                          • GetProcAddress.KERNEL32(00000000,SetupDiEnumDeviceInfoW), ref: 6C967C8A
                                                                          • GetProcAddress.KERNEL32(00000000,SetupDiEnumDeviceInterfaces), ref: 6C967CA5
                                                                          • GetProcAddress.KERNEL32(00000000,SetupDiEnumDeviceInterfacesA), ref: 6C967CB6
                                                                          • GetProcAddress.KERNEL32(00000000,SetupDiEnumDeviceInterfacesW), ref: 6C967CC7
                                                                          • GetProcAddress.KERNEL32(00000000,SetupDiGetDeviceInstanceIdA), ref: 6C967CE2
                                                                          • GetProcAddress.KERNEL32(00000000,SetupDiGetDeviceInstanceIdAA), ref: 6C967CF3
                                                                          • GetProcAddress.KERNEL32(00000000,SetupDiGetDeviceInstanceIdAW), ref: 6C967D04
                                                                          • GetProcAddress.KERNEL32(00000000,SetupDiGetDeviceInterfaceDetailA), ref: 6C967D1F
                                                                          • GetProcAddress.KERNEL32(00000000,SetupDiGetDeviceInterfaceDetailAA), ref: 6C967D30
                                                                          • GetProcAddress.KERNEL32(00000000,SetupDiGetDeviceInterfaceDetailAW), ref: 6C967D41
                                                                          • GetProcAddress.KERNEL32(00000000,SetupDiGetDeviceRegistryPropertyA), ref: 6C967D5C
                                                                          • GetProcAddress.KERNEL32(00000000,SetupDiGetDeviceRegistryPropertyAA), ref: 6C967D6D
                                                                          • GetProcAddress.KERNEL32(00000000,SetupDiGetDeviceRegistryPropertyAW), ref: 6C967D7E
                                                                          • GetProcAddress.KERNEL32(00000000,SetupDiDestroyDeviceInfoList), ref: 6C967D99
                                                                          • GetProcAddress.KERNEL32(00000000,SetupDiDestroyDeviceInfoListA), ref: 6C967DAA
                                                                          • GetProcAddress.KERNEL32(00000000,SetupDiDestroyDeviceInfoListW), ref: 6C967DBB
                                                                          • GetProcAddress.KERNEL32(00000000,SetupDiOpenDevRegKey), ref: 6C967DD2
                                                                          • GetProcAddress.KERNEL32(00000000,SetupDiOpenDevRegKeyA), ref: 6C967DE3
                                                                          • GetProcAddress.KERNEL32(00000000,SetupDiOpenDevRegKeyW), ref: 6C967DF4
                                                                          • GetProcAddress.KERNEL32(00000000,SetupDiOpenDeviceInterfaceRegKey), ref: 6C967E0B
                                                                          • GetProcAddress.KERNEL32(00000000,SetupDiOpenDeviceInterfaceRegKeyA), ref: 6C967E1C
                                                                          • GetProcAddress.KERNEL32(00000000,SetupDiOpenDeviceInterfaceRegKeyW), ref: 6C967E2D
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: AddressProc$DirectorySystem
                                                                          • String ID: AdvAPI32$CM_Get_Child$CM_Get_ChildA$CM_Get_ChildW$CM_Get_Parent$CM_Get_ParentA$CM_Get_ParentW$Cfgmgr32$RegCloseKey$RegCloseKeyA$RegCloseKeyW$RegQueryValueExA$RegQueryValueExAA$RegQueryValueExAW$SetupAPI$SetupDiDestroyDeviceInfoList$SetupDiDestroyDeviceInfoListA$SetupDiDestroyDeviceInfoListW$SetupDiEnumDeviceInfo$SetupDiEnumDeviceInfoA$SetupDiEnumDeviceInfoW$SetupDiEnumDeviceInterfaces$SetupDiEnumDeviceInterfacesA$SetupDiEnumDeviceInterfacesW$SetupDiGetClassDevsA$SetupDiGetClassDevsAA$SetupDiGetClassDevsAW$SetupDiGetDeviceInstanceIdA$SetupDiGetDeviceInstanceIdAA$SetupDiGetDeviceInstanceIdAW$SetupDiGetDeviceInterfaceDetailA$SetupDiGetDeviceInterfaceDetailAA$SetupDiGetDeviceInterfaceDetailAW$SetupDiGetDeviceRegistryPropertyA$SetupDiGetDeviceRegistryPropertyAA$SetupDiGetDeviceRegistryPropertyAW$SetupDiOpenDevRegKey$SetupDiOpenDevRegKeyA$SetupDiOpenDevRegKeyW$SetupDiOpenDeviceInterfaceRegKey$SetupDiOpenDeviceInterfaceRegKeyA$SetupDiOpenDeviceInterfaceRegKeyW
                                                                          • API String ID: 1520112125-662495316
                                                                          • Opcode ID: 3cae480914e234a4faa44f063bbbe83aa796cf6134cb2c82d71fb669d1165572
                                                                          • Instruction ID: 7c9e9b225a75e16346e22a59bfd8c1b2dd551f53cfe3e6b6c23820965507abf2
                                                                          • Opcode Fuzzy Hash: 3cae480914e234a4faa44f063bbbe83aa796cf6134cb2c82d71fb669d1165572
                                                                          • Instruction Fuzzy Hash: DC814175B186176A6B029B3F4C50A3B3AFC5BD674C736052BE400E3E81FBB4D9019BA1
                                                                          APIs
                                                                            • Part of subcall function 6C9663F0: GetSystemDirectoryA.KERNEL32(00000104,00000104), ref: 6C966415
                                                                          • GetProcAddress.KERNEL32(00000000,HidD_GetAttributes), ref: 6C96EACC
                                                                          • GetProcAddress.KERNEL32(00000000,HidD_GetAttributesA), ref: 6C96EADD
                                                                          • GetProcAddress.KERNEL32(00000000,HidD_GetAttributesW), ref: 6C96EAEE
                                                                          • GetProcAddress.KERNEL32(00000000,HidD_GetHidGuid), ref: 6C96EB09
                                                                          • GetProcAddress.KERNEL32(00000000,HidD_GetHidGuidA), ref: 6C96EB1A
                                                                          • GetProcAddress.KERNEL32(00000000,HidD_GetHidGuidW), ref: 6C96EB2B
                                                                          • GetProcAddress.KERNEL32(00000000,HidD_GetPreparsedData), ref: 6C96EB46
                                                                          • GetProcAddress.KERNEL32(00000000,HidD_GetPreparsedDataA), ref: 6C96EB57
                                                                          • GetProcAddress.KERNEL32(00000000,HidD_GetPreparsedDataW), ref: 6C96EB68
                                                                          • GetProcAddress.KERNEL32(00000000,HidD_FreePreparsedData), ref: 6C96EB83
                                                                          • GetProcAddress.KERNEL32(00000000,HidD_FreePreparsedDataA), ref: 6C96EB94
                                                                          • GetProcAddress.KERNEL32(00000000,HidD_FreePreparsedDataW), ref: 6C96EBA5
                                                                          • GetProcAddress.KERNEL32(00000000,HidD_GetManufacturerString), ref: 6C96EBC0
                                                                          • GetProcAddress.KERNEL32(00000000,HidD_GetManufacturerStringA), ref: 6C96EBD1
                                                                          • GetProcAddress.KERNEL32(00000000,HidD_GetManufacturerStringW), ref: 6C96EBE2
                                                                          • GetProcAddress.KERNEL32(00000000,HidD_GetProductString), ref: 6C96EBFD
                                                                          • GetProcAddress.KERNEL32(00000000,HidD_GetProductStringA), ref: 6C96EC0E
                                                                          • GetProcAddress.KERNEL32(00000000,HidD_GetProductStringW), ref: 6C96EC1F
                                                                          • GetProcAddress.KERNEL32(00000000,HidD_GetSerialNumberString), ref: 6C96EC3A
                                                                          • GetProcAddress.KERNEL32(00000000,HidD_GetSerialNumberStringA), ref: 6C96EC4B
                                                                          • GetProcAddress.KERNEL32(00000000,HidD_GetSerialNumberStringW), ref: 6C96EC5C
                                                                          • GetProcAddress.KERNEL32(00000000,HidD_GetIndexedString), ref: 6C96EC77
                                                                          • GetProcAddress.KERNEL32(00000000,HidD_GetIndexedStringA), ref: 6C96EC88
                                                                          • GetProcAddress.KERNEL32(00000000,HidD_GetIndexedStringW), ref: 6C96EC99
                                                                          • GetProcAddress.KERNEL32(00000000,HidP_GetCaps), ref: 6C96ECB4
                                                                          • GetProcAddress.KERNEL32(00000000,HidP_GetCapsA), ref: 6C96ECC5
                                                                          • GetProcAddress.KERNEL32(00000000,HidP_GetCapsW), ref: 6C96ECD6
                                                                          • GetProcAddress.KERNEL32(00000000,HidD_SetNumInputBuffers), ref: 6C96ECF1
                                                                          • GetProcAddress.KERNEL32(00000000,HidD_SetNumInputBuffersA), ref: 6C96ED02
                                                                          • GetProcAddress.KERNEL32(00000000,HidD_SetNumInputBuffersW), ref: 6C96ED13
                                                                          • GetProcAddress.KERNEL32(00000000,HidD_GetPhysicalDescriptor), ref: 6C96ED2E
                                                                          • GetProcAddress.KERNEL32(00000000,HidD_GetPhysicalDescriptorA), ref: 6C96ED3F
                                                                          • GetProcAddress.KERNEL32(00000000,HidD_GetPhysicalDescriptorW), ref: 6C96ED50
                                                                          • GetProcAddress.KERNEL32(00000000,HidD_FlushQueue), ref: 6C96ED67
                                                                          • GetProcAddress.KERNEL32(00000000,HidD_FlushQueueA), ref: 6C96ED78
                                                                          • GetProcAddress.KERNEL32(00000000,HidD_FlushQueueW), ref: 6C96ED89
                                                                          • GetProcAddress.KERNEL32(00000000,HidP_GetValueCaps), ref: 6C96EDA0
                                                                          • GetProcAddress.KERNEL32(00000000,HidP_GetValueCapsA), ref: 6C96EDB1
                                                                          • GetProcAddress.KERNEL32(00000000,HidP_GetValueCapsW), ref: 6C96EDC2
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: AddressProc$DirectorySystem
                                                                          • String ID: HidD_FlushQueue$HidD_FlushQueueA$HidD_FlushQueueW$HidD_FreePreparsedData$HidD_FreePreparsedDataA$HidD_FreePreparsedDataW$HidD_GetAttributes$HidD_GetAttributesA$HidD_GetAttributesW$HidD_GetHidGuid$HidD_GetHidGuidA$HidD_GetHidGuidW$HidD_GetIndexedString$HidD_GetIndexedStringA$HidD_GetIndexedStringW$HidD_GetManufacturerString$HidD_GetManufacturerStringA$HidD_GetManufacturerStringW$HidD_GetPhysicalDescriptor$HidD_GetPhysicalDescriptorA$HidD_GetPhysicalDescriptorW$HidD_GetPreparsedData$HidD_GetPreparsedDataA$HidD_GetPreparsedDataW$HidD_GetProductString$HidD_GetProductStringA$HidD_GetProductStringW$HidD_GetSerialNumberString$HidD_GetSerialNumberStringA$HidD_GetSerialNumberStringW$HidD_SetNumInputBuffers$HidD_SetNumInputBuffersA$HidD_SetNumInputBuffersW$HidP_GetCaps$HidP_GetCapsA$HidP_GetCapsW$HidP_GetValueCaps$HidP_GetValueCapsA$HidP_GetValueCapsW$hid
                                                                          • API String ID: 1520112125-1278351654
                                                                          • Opcode ID: 18cd9da3d12f592b8d04a869de9d2f6e1b061b1460db2c040d61f3233f415b63
                                                                          • Instruction ID: 7017d47709be8b4bbd4581840902dcf8fcb6fa93d0cea48619a1588d597da60c
                                                                          • Opcode Fuzzy Hash: 18cd9da3d12f592b8d04a869de9d2f6e1b061b1460db2c040d61f3233f415b63
                                                                          • Instruction Fuzzy Hash: 4F81EB71B1CA17A56B029B3B8C54A7B3AFD67A668D325152BE400E3D40FFB4D1019F93
                                                                          APIs
                                                                          • __EH_prolog3_GS.LIBCMT ref: 6C9D450A
                                                                          • LocalAlloc.KERNEL32(00000040,00000800,00000044,6C9D26A5,6C9FC8DC,?,000055FD), ref: 6C9D4555
                                                                          • LocalAlloc.KERNEL32(00000040,00000800), ref: 6C9D4563
                                                                          • GetLocalTime.KERNEL32(?), ref: 6C9D490A
                                                                            • Part of subcall function 6C9D111E: _Deallocate.LIBCONCRT ref: 6C9D112D
                                                                          • _memcmp.LIBVCRUNTIME ref: 6C9D49E2
                                                                          • ShellExecuteA.SHELL32(open,00000000,?,00000000,00000001), ref: 6C9D4A0A
                                                                          • LocalFree.KERNEL32(?), ref: 6C9D4A17
                                                                          • LocalFree.KERNEL32(00000000), ref: 6C9D4A1A
                                                                            • Part of subcall function 6C9D15B6: _strlen.LIBCMT ref: 6C9D15CD
                                                                            • Part of subcall function 6C9D4A43: _strlen.LIBCMT ref: 6C9D4A51
                                                                            • Part of subcall function 6C9D4A43: _memcmp.LIBVCRUNTIME ref: 6C9D4A5A
                                                                            • Part of subcall function 6C9D4A43: lstrlen.KERNEL32(6C9D459F,?,?,?,00000000,?,6C9D459F,%SITECODE%), ref: 6C9D4A85
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164606236.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164577047.000000006C9D0000.00000002.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164639828.000000006C9ED000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164670106.000000006C9F5000.00000008.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9F9000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9FC000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA00000.00000040.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA27000.00000040.00000001.01000000.00000009.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: Local$AllocFree_memcmp_strlen$DeallocateExecuteH_prolog3_ShellTimelstrlen
                                                                          • String ID: %02u.%02u.%04u %02u:%02u$%08X$%ACENCLIENTID%$%ACENORDERID%$%APPNAME%$%CMIDCODE%$%CSITECODE%$%DATETIME%$%LANGUAGE%$%LICSTATUS%$%LOGFILE%$%MIDCODE%$%NEXTMIDCODE%$%NEXTSITECODE%$%PARAMS:$%REMOVALCODE%$%SERIALNUMBER%$%SITECODE%$%USERADDRESS%$%USERCOMPANY%$%USERCUSTOM1%$%USERCUSTOM2%$%USERCUSTOM3%$%USERNAME%$open
                                                                          • API String ID: 4065643155-3256888437
                                                                          • Opcode ID: b8a30d652ddad8dd7c4dda51a0b0b56d46e14b907eea4585934bd57d262d2d50
                                                                          • Instruction ID: 6617c1b6a619b209d8d15ea195c74021c116a14ccc7450b79ffdb326b6867e37
                                                                          • Opcode Fuzzy Hash: b8a30d652ddad8dd7c4dda51a0b0b56d46e14b907eea4585934bd57d262d2d50
                                                                          • Instruction Fuzzy Hash: F8D1E372E006085BCF04EF78DD41BDC7775AB61208F968194E8187BB86EB71EA098FD5
                                                                          APIs
                                                                          • TlsGetValue.KERNEL32(?), ref: 6C964FF8
                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C965013
                                                                          • SetEvent.KERNEL32(?), ref: 6C965040
                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 6C96506F
                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C96507C
                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C96508F
                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C9650C6
                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 6C9650D8
                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 6C96518D
                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C965197
                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 6C9651C6
                                                                          • EnterCriticalSection.KERNEL32(00000000), ref: 6C965239
                                                                          • LeaveCriticalSection.KERNEL32(00000000), ref: 6C96526D
                                                                          • DeleteCriticalSection.KERNEL32(?), ref: 6C96528C
                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C9652B3
                                                                          • ResetEvent.KERNEL32(?), ref: 6C9652D1
                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 6C965300
                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 6C965313
                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C96531C
                                                                          • WakeAllConditionVariable.KERNEL32(?), ref: 6C965325
                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 6C96532C
                                                                          Strings
                                                                          • libusb_unref_device, xrefs: 6C9651FF
                                                                          • usbi_clear_event, xrefs: 6C9652E8
                                                                          • Device handle closed while transfer was still being processed, but the device is still connected as far as we know, xrefs: 6C9650E5
                                                                          • ResetEvent failed: %s, xrefs: 6C9652E3
                                                                          • Removed transfer %p from the in-flight list because device handle %p closed, xrefs: 6C96513C
                                                                          • SetEvent failed: %s, xrefs: 6C965052
                                                                          • destroy device %d.%d, xrefs: 6C9651FA
                                                                          • libusb_close, xrefs: 6C964FDF
                                                                          • usbi_signal_event, xrefs: 6C965057
                                                                          • do_close, xrefs: 6C9650EA, 6C965106, 6C965114, 6C965141
                                                                          • A cancellation for an in-flight transfer hasn't completed but closing the device handle, xrefs: 6C965101
                                                                          • A cancellation hasn't even been scheduled on the transfer for which the device is closing, xrefs: 6C96510F
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalSection$EnterLeave$Event$ConditionDeleteResetValueVariableWake
                                                                          • String ID: A cancellation for an in-flight transfer hasn't completed but closing the device handle$A cancellation hasn't even been scheduled on the transfer for which the device is closing$Device handle closed while transfer was still being processed, but the device is still connected as far as we know$Removed transfer %p from the in-flight list because device handle %p closed$ResetEvent failed: %s$SetEvent failed: %s$destroy device %d.%d$do_close$libusb_close$libusb_unref_device$usbi_clear_event$usbi_signal_event
                                                                          • API String ID: 792553634-3762565895
                                                                          • Opcode ID: 9e20501738ae60c8789f11bf0d3d75d5ed7dfd042f01cad2b86f324b4d098069
                                                                          • Instruction ID: c28ab87e4486fe85d9eac158a94497ddd3addfb0252f3dfe4b7e2ce765e49ee3
                                                                          • Opcode Fuzzy Hash: 9e20501738ae60c8789f11bf0d3d75d5ed7dfd042f01cad2b86f324b4d098069
                                                                          • Instruction Fuzzy Hash: 7BA1AEB0504741EFE700CF65C984F9BB7F9BF99308F104968E99A97A82D730E509CBA1
                                                                          APIs
                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C962ED6
                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 6C962EE4
                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C962F8A
                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 6C962F9D
                                                                          • TryEnterCriticalSection.KERNEL32(?), ref: 6C962FC5
                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C96301B
                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C963085
                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 6C963098
                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 6C9630F2
                                                                          • SleepConditionVariableCS.KERNEL32(?,?,00000001), ref: 6C9631CC
                                                                          • GetLastError.KERNEL32 ref: 6C9631E0
                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 6C963255
                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C9632AE
                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 6C9632BC
                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 6C963354
                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C96335D
                                                                          • WakeAllConditionVariable.KERNEL32(?), ref: 6C96336A
                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 6C963371
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalSection$Leave$Enter$ConditionVariable$ErrorLastSleepWake
                                                                          • String ID: API misuse! Using non-default context as implicit default.$another thread is doing event handling$doing our own event handling$event handler was active but went away, retrying$libusb_event_handler_active$libusb_handle_events_timeout_completed$libusb_try_lock_events$someone else is closing a device$usbi_get_context
                                                                          • API String ID: 1016495707-877886999
                                                                          • Opcode ID: 5b87a1935927a3a0ec3f7b6d774c7f92a90b254972234f2bc80084f990091b05
                                                                          • Instruction ID: 6dfb71bad2d21b1ac2366f24b25e3b7ec0b86c7659e6148f0c9ae04efe629cac
                                                                          • Opcode Fuzzy Hash: 5b87a1935927a3a0ec3f7b6d774c7f92a90b254972234f2bc80084f990091b05
                                                                          • Instruction Fuzzy Hash: 3CE10472A0C701EBEB11CF278844B5B7379BB96B68F250619E85867F80DB30D648CBD5
                                                                          APIs
                                                                          • InitializeCriticalSection.KERNEL32(?), ref: 6C961B63
                                                                          • InitializeCriticalSection.KERNEL32(?), ref: 6C961B6C
                                                                          • InitializeCriticalSection.KERNEL32(?), ref: 6C961B75
                                                                          • InitializeConditionVariable.KERNEL32(?), ref: 6C961B7E
                                                                          • InitializeCriticalSection.KERNEL32(?), ref: 6C961B8B
                                                                          • TlsAlloc.KERNEL32 ref: 6C961B8D
                                                                          • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000), ref: 6C961BD5
                                                                          • CreateWaitableTimerW.KERNEL32(00000000,00000001,00000000), ref: 6C961C2A
                                                                            • Part of subcall function 6C966300: GetLastError.KERNEL32(00000000,?,00000000,6C96628E,?,00000064,00000000,?,?), ref: 6C966309
                                                                            • Part of subcall function 6C966300: FormatMessageA.KERNEL32(00001200,00000000,00000000,00000400,6C9C9D50,00000100,00000000,00000000,?,?), ref: 6C96636E
                                                                            • Part of subcall function 6C966300: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000006,6C962194,?,00000084), ref: 6C966378
                                                                          • DeleteCriticalSection.KERNEL32(?), ref: 6C961CF5
                                                                          • DeleteCriticalSection.KERNEL32(?), ref: 6C961CFE
                                                                          • DeleteCriticalSection.KERNEL32(?), ref: 6C961D07
                                                                          • DeleteCriticalSection.KERNEL32(?), ref: 6C961D10
                                                                          • TlsFree.KERNEL32(?), ref: 6C961D18
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalSection$Initialize$Delete$CreateErrorLast$AllocConditionEventFormatFreeMessageTimerVariableWaitable
                                                                          • String ID: CloseHandle failed: %s$CreateEvent failed: %s$CreateWaitableTimer failed: %s$timer not available for timeouts$usbi_create_event$usbi_create_timer$usbi_destroy_event$usbi_destroy_timer$usbi_io_init$using timer for timeouts
                                                                          APIs
                                                                          • caerLog.LIB_HELP(00000002,Special Event,Called caerSpecialEventSetTimestamp() with negative value!), ref: 6C979349
                                                                          • caerLog.LIB_HELP(00000002,Special Event,Called caerSpecialEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.,?,?), ref: 6C97940D
                                                                          • caerLog.LIB_HELP(00000002,Special Event,Called caerSpecialEventSetTimestamp() with negative value!), ref: 6C97942D
                                                                          • caerLog.LIB_HELP(00000002,Special Event,Called caerSpecialEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.,?,?), ref: 6C9794C3
                                                                          • caerLog.LIB_HELP(00000002,Special Event,Called caerSpecialEventSetTimestamp() with negative value!), ref: 6C9794E3
                                                                          • caerLog.LIB_HELP(00000002,IMU6 Event,Called caerIMU6EventSetTimestamp() with negative value!), ref: 6C979595
                                                                          • caerLog.LIB_HELP(00000002,IMU6 Event,Called caerIMU6EventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.,?,?), ref: 6C979609
                                                                          Strings
                                                                          • IMU6 Start event received., xrefs: 6C979510
                                                                          • External input (falling edge) event received., xrefs: 6C9792D0
                                                                          • Caught special reserved event!, xrefs: 6C9791F5
                                                                          • Special Event, xrefs: 6C979322, 6C979342, 6C979406, 6C979426, 6C9794BC, 6C9794DC
                                                                          • IMU6 Event, xrefs: 6C97958E, 6C979602
                                                                          • IMU End: failed to validate IMU sample count (%hhu), discarding samples., xrefs: 6C979636
                                                                          • Called caerSpecialEventSetTimestamp() with negative value!, xrefs: 6C97933D, 6C979421, 6C9794D7
                                                                          • Caught special event that can't be handled: %d., xrefs: 6C9797A8
                                                                          • Called caerIMU6EventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i., xrefs: 6C9795FD
                                                                          • External input (pulse) event received., xrefs: 6C979464
                                                                          • IMU End event received., xrefs: 6C979561
                                                                          • Timestamp reset event received., xrefs: 6C979211
                                                                          • External input (rising edge) event received., xrefs: 6C9793B2
                                                                          • Called caerIMU6EventSetTimestamp() with negative value!, xrefs: 6C979589
                                                                          • Called caerSpecialEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i., xrefs: 6C97931D, 6C979401, 6C9794B7
                                                                          • Failed to allocate polarity event packet., xrefs: 6C9790EC
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          Similarity
                                                                          • API ID: caer
                                                                          • String ID: Called caerIMU6EventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.$Called caerIMU6EventSetTimestamp() with negative value!$Called caerSpecialEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.$Called caerSpecialEventSetTimestamp() with negative value!$Caught special event that can't be handled: %d.$Caught special reserved event!$External input (falling edge) event received.$External input (pulse) event received.$External input (rising edge) event received.$Failed to allocate polarity event packet.$IMU End event received.$IMU End: failed to validate IMU sample count (%hhu), discarding samples.$IMU6 Event$IMU6 Start event received.$Special Event$Timestamp reset event received.
                                                                          APIs
                                                                          • GetModuleHandleW.KERNEL32(oleaut32.dll), ref: 6CEC2D09
                                                                            • Part of subcall function 6CEC2CD4: GetProcAddress.KERNEL32(00000000), ref: 6CEC2CED
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164882381.000000006CE94000.00000080.00000001.01000000.0000000C.sdmp, Offset: 6CE90000, based on PE: true
                                                                          Similarity
                                                                          • API ID: AddressHandleModuleProc
                                                                          • String ID: VarAdd$VarAnd$VarBoolFromStr$VarBstrFromBool$VarBstrFromCy$VarBstrFromDate$VarCmp$VarCyFromStr$VarDateFromStr$VarDiv$VarI4FromStr$VarIdiv$VarMod$VarMul$VarNeg$VarNot$VarOr$VarR4FromStr$VarR8FromStr$VarSub$VarXor$VariantChangeTypeEx$oleaut32.dll
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4160697580.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: (Hz)$125Hz$1kHz$250Hz$2kHz$4kHz$500Hz$63Hz$8kHz$C50(dB)$C80(dB)$D50(%)$EDT(s)$MTF(0.63Hz)$MTF(0.8Hz)$MTF(1.25Hz)$MTF(1.6Hz)$MTF(10Hz)$MTF(12.5Hz)$MTF(1Hz)$MTF(2.5Hz)$MTF(2Hz)$MTF(3.15Hz)$MTF(4Hz)$MTF(5Hz)$MTF(6.3Hz)$MTF(8Hz)$MTI$STI(F)$STI(M)$T20(s)$T30(s)$Ts(s)
                                                                          APIs
                                                                          • TlsGetValue.KERNEL32(?,?,?,?,76ECE820,?,?,6C9632FF), ref: 6C962AD3
                                                                          • EnterCriticalSection.KERNEL32(?,?,?,76ECE820,?,?,6C9632FF), ref: 6C962AF5
                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,76ECE820,?,?,6C9632FF), ref: 6C962D3E
                                                                          Strings
                                                                          • usbi_alloc_event_data, xrefs: 6C962B78, 6C962D24
                                                                          • WaitForMultipleObjects() failed: %s, xrefs: 6C962D5B
                                                                          • usbi_clear_event, xrefs: 6C962C4B
                                                                          • WaitForMultipleObjects() for %lu HANDLEs with timeout in %dms, xrefs: 6C962CAD
                                                                          • ResetEvent failed: %s, xrefs: 6C962C46
                                                                          • program assertion failed - expected exactly 1 or 2 HANDLEs, xrefs: 6C962D1F
                                                                          • usbi_wait_for_events, xrefs: 6C962CB2, 6C962CDD, 6C962D60
                                                                          • event sources modified, reallocating event data, xrefs: 6C962B08
                                                                          • handle_events, xrefs: 6C962B0D
                                                                          • WaitForMultipleObjects() returned %lu, xrefs: 6C962CD8
                                                                          • program assertion failed - event data already allocated, xrefs: 6C962B73
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          Similarity
                                                                          • API ID: CriticalSection$EnterLeaveValue
                                                                          • String ID: ResetEvent failed: %s$WaitForMultipleObjects() failed: %s$WaitForMultipleObjects() for %lu HANDLEs with timeout in %dms$WaitForMultipleObjects() returned %lu$event sources modified, reallocating event data$handle_events$program assertion failed - event data already allocated$program assertion failed - expected exactly 1 or 2 HANDLEs$usbi_alloc_event_data$usbi_clear_event$usbi_wait_for_events
                                                                          APIs
                                                                          • SetupDiGetClassDevsA.SETUPAPI(6C9C3814,?,?,00000012), ref: 6C96832E
                                                                          • SetupDiEnumDeviceInterfaces.SETUPAPI(?,00000000,6C9C3814,?,?), ref: 6C968385
                                                                          • GetLastError.KERNEL32(?,00000000,6C9C3814,?,?), ref: 6C96838F
                                                                          • SetupDiDestroyDeviceInfoList.SETUPAPI ref: 6C9683C1
                                                                            • Part of subcall function 6C966300: GetLastError.KERNEL32(00000000,?,00000000,6C96628E,?,00000064,00000000,?,?), ref: 6C966309
                                                                            • Part of subcall function 6C966300: FormatMessageA.KERNEL32(00001200,00000000,00000000,00000400,6C9C9D50,00000100,00000000,00000000,?,?), ref: 6C96636E
                                                                            • Part of subcall function 6C966300: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000006,6C962194,?,00000084), ref: 6C966378
                                                                          • SetupDiDestroyDeviceInfoList.SETUPAPI ref: 6C9685D4
                                                                          Strings
                                                                          • assigned libusb0 symbolic link %s, xrefs: 6C968559
                                                                          • program assertion failed - http://msdn.microsoft.com/en-us/library/ms792901.aspx is wrong, xrefs: 6C9685BD
                                                                          • could not allocate interface data for index %lu, xrefs: 6C968420
                                                                          • could not access interface data (actual) for index %lu: %s, xrefs: 6C96846C
                                                                          • could not open device interface registry key for index %lu: %s, xrefs: 6C968593
                                                                          • Could not obtain interface data for index %lu: %s, xrefs: 6C9683A5
                                                                          • \\.\libusb0-%04u, xrefs: 6C96854D
                                                                          • get_interface_details_filter, xrefs: 6C968348, 6C9683AA, 6C968425, 6C968471, 6C96855E, 6C968598, 6C9685C2
                                                                          • could not allocate interface path for index %lu, xrefs: 6C9684EA
                                                                          • could not obtain device info set: %s, xrefs: 6C968343
                                                                          • could not access interface data (dummy) for index %lu: %s, xrefs: 6C968402
                                                                          • LUsb0, xrefs: 6C96852D
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          Similarity
                                                                          • API ID: Setup$DeviceErrorLast$DestroyInfoList$ClassDevsEnumFormatInterfacesMessage
                                                                          • String ID: Could not obtain interface data for index %lu: %s$LUsb0$\\.\libusb0-%04u$assigned libusb0 symbolic link %s$could not access interface data (actual) for index %lu: %s$could not access interface data (dummy) for index %lu: %s$could not allocate interface data for index %lu$could not allocate interface path for index %lu$could not obtain device info set: %s$could not open device interface registry key for index %lu: %s$get_interface_details_filter$program assertion failed - http://msdn.microsoft.com/en-us/library/ms792901.aspx is wrong
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4160697580.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: (Hz)$1.25kHz$1.6kHz$100Hz$10kHz$125Hz$160Hz$1kHz$2.5kHz$200Hz$250Hz$2kHz$3.15kHz$315Hz$400Hz$4kHz$500Hz$50Hz$5kHz$6.3kHz$630Hz$63Hz$800Hz$80Hz$8kHz$C50(dB)$C80(dB)$D50(%)$EDT(s)$T20(s)$T30(s)$Ts(s)
                                                                          APIs
                                                                            • Part of subcall function 6C9887A0: caerLogVAFull.LIB_HELP(?,?,?,?,?,6C988D7B,00000002,?,Failed to grow event packet of type %d.,?,?,?,?,?,6C9831D3,?), ref: 6C9887C7
                                                                          • caerLog.LIB_HELP(00000002,Frame Event,Called caerFrameEventSetTSEndOfFrame() with negative value!), ref: 6C985A3E
                                                                          • caerLog.LIB_HELP(00000002,Special Event,Called caerSpecialEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.,?,?), ref: 6C985A99
                                                                            • Part of subcall function 6C971B50: caerLogVAFull.LIB_HELP(?,?,?,?,?), ref: 6C971B69
                                                                          • caerLog.LIB_HELP(00000002,Special Event,Called caerSpecialEventSetTimestamp() with negative value!), ref: 6C985AB6
                                                                          • caerLog.LIB_HELP(00000002,Frame Event,Called caerFrameEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.,?,?), ref: 6C985B43
                                                                          • caerFrameUtilsDemosaic.LIB_HELP(?,00000000,00000000,00000000,?,?,00000003,?), ref: 6C985CEB
                                                                          • caerFrameUtilsDemosaic.LIB_HELP(?,00000000,00000001), ref: 6C985D03
                                                                          • caerLog.LIB_HELP(00000002,EventPacket Header,Called caerEventPacketHeaderSetEventNumber() with negative value!), ref: 6C985D54
                                                                          • caerLog.LIB_HELP(00000002,EventPacket Header,Called caerEventPacketHeaderSetEventValid() with negative value!), ref: 6C985D75
                                                                          • caerLog.LIB_HELP(00000002,Frame Event,Called caerFrameEventValidate() on already valid event.), ref: 6C985D93
                                                                          Strings
                                                                          • Called caerEventPacketHeaderSetEventValid() with negative value!, xrefs: 6C985D69
                                                                          • Frame Event, xrefs: 6C985A37, 6C985B3C, 6C985D8C
                                                                          • Called caerFrameEventSetTSEndOfFrame() with negative value!, xrefs: 6C985A32
                                                                          • Called caerFrameEventValidate() on already valid event., xrefs: 6C985D87
                                                                          • APS Frame End: CountX[%zu] is %d., xrefs: 6C9859E5
                                                                          • Called caerFrameEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i., xrefs: 6C985B37
                                                                          • Called caerEventPacketHeaderSetEventNumber() with negative value!, xrefs: 6C985D48
                                                                          • Special Event, xrefs: 6C985A92, 6C985AAF
                                                                          • Called caerSpecialEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i., xrefs: 6C985A8D
                                                                          • EventPacket Header, xrefs: 6C985D4D, 6C985D6E
                                                                          • Called caerSpecialEventSetTimestamp() with negative value!, xrefs: 6C985AAA
                                                                          • APS Frame End - %zu: wrong column count %d detected, expected %d., xrefs: 6C985A07
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer$DemosaicFrameFullUtils
                                                                          • String ID: APS Frame End - %zu: wrong column count %d detected, expected %d.$APS Frame End: CountX[%zu] is %d.$Called caerEventPacketHeaderSetEventNumber() with negative value!$Called caerEventPacketHeaderSetEventValid() with negative value!$Called caerFrameEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.$Called caerFrameEventSetTSEndOfFrame() with negative value!$Called caerFrameEventValidate() on already valid event.$Called caerSpecialEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.$Called caerSpecialEventSetTimestamp() with negative value!$EventPacket Header$Frame Event$Special Event
                                                                          • API String ID: 3460953118-3186250579
                                                                          • Opcode ID: 0c0fcb32e6af28bf42cb9b49ba553c0786a1387d0ee35ec2754d2f42be7f0ba2
                                                                          • Instruction ID: 824d2e5f052c1682c97454ec5f094f23b2311fa2e46149aeefc88df19557e5cc
                                                                          • Opcode Fuzzy Hash: 0c0fcb32e6af28bf42cb9b49ba553c0786a1387d0ee35ec2754d2f42be7f0ba2
                                                                          • Instruction Fuzzy Hash: 26C1E271546B00AFE7208F34CD81FA7BBE4AF62309F044D1DE89A9BA42E731E459CB51
                                                                          APIs
                                                                          • EnterCriticalSection.KERNEL32(00000084), ref: 6C96245B
                                                                          • LeaveCriticalSection.KERNEL32(00000084), ref: 6C9624CA
                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C9624F1
                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 6C9624FF
                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C9625B9
                                                                          • LeaveCriticalSection.KERNEL32(000000BC), ref: 6C962621
                                                                          • DeleteCriticalSection.KERNEL32(?), ref: 6C96266B
                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C9626D4
                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 6C9626FA
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalSection$EnterLeave$Delete
                                                                          • String ID: API misuse! Using non-default context as implicit default.$destroy device %d.%d$failed to set timer for next timeout$interpreting short transfer as error$libusb_free_transfer$libusb_unref_device$transfer %p$transfer %p has callback %p$usbi_get_context$usbi_handle_transfer_completion
                                                                          • API String ID: 2284602516-1427940855
                                                                          • Opcode ID: 3090bf7f0f4fb8ba9e2eaf4d342fd0af15913c3070049a4f61ea2a570df8f028
                                                                          • Instruction ID: 6274555726acf2433428ef53fc4cc6c7924ef066e106a4fab538faa3fe78f054
                                                                          • Opcode Fuzzy Hash: 3090bf7f0f4fb8ba9e2eaf4d342fd0af15913c3070049a4f61ea2a570df8f028
                                                                          • Instruction Fuzzy Hash: 3D91C2B1608704EFEB10CF26C988B5BB7F8BF95318F144559E8599BE81D730E948CB91
                                                                          APIs
                                                                          • caerLog.LIB_HELP(00000007,samsungEVKOpen,Initializing %s.,Samsung EVK), ref: 6C982813
                                                                            • Part of subcall function 6C971B50: caerLogVAFull.LIB_HELP(?,?,?,?,?), ref: 6C971B69
                                                                          • caerLog.LIB_HELP(00000002,samsungEVKOpen,Failed to allocate memory for device handle.), ref: 6C982839
                                                                          • caerLogLevelGet.LIB_HELP ref: 6C98288E
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer$FullLevel
                                                                          • String ID: $$%s %hu$2$2$2$?$Failed to allocate memory for device handle.$Failed to generate USB information string.$Failed to open device, no matching device could be found or opened.$Failed to open device, see above log message for more information (errno=%d).$Initialized device successfully with USB Bus=%hhu:Addr=%hhu.$Initializing %s.$Samsung EVK$Samsung EVK ID-%hu SN-%s [%hhu:%hhu]$samsungEVKOpen$startup
                                                                          • API String ID: 1165663149-3833456949
                                                                          • Opcode ID: b67f72dd5b9c645c4ac1789a27dce359742d27dc8ff29f83fd2a0697f0c15562
                                                                          • Instruction ID: 459a853592bfb33b352ce02543aee131ddbc92433902921665d7f95ace327589
                                                                          • Opcode Fuzzy Hash: b67f72dd5b9c645c4ac1789a27dce359742d27dc8ff29f83fd2a0697f0c15562
                                                                          • Instruction Fuzzy Hash: B9F193706893407DF32197249C42FEF76E89FB6B18F440909F794BA6C1DBA5F1088667
                                                                          APIs
                                                                          • caerLog.LIB_HELP(00000002,EventPacket Container,Called caerEventPacketContainerGetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!,?,?), ref: 6C97F958
                                                                            • Part of subcall function 6C971B50: caerLogVAFull.LIB_HELP(?,?,?,?,?), ref: 6C971B69
                                                                            • Part of subcall function 6C9721A0: caerLog.LIB_HELP(00000002,Generic Event,Called caerGenericEventGetEvent() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!,00000000,?), ref: 6C97221D
                                                                          • caerLog.LIB_HELP(00000002,EventPacket Container,Failed to allocate %zu bytes of memory for Event Packet Container, containing %i packets. Error: %d.,00000020,00000001,00000000), ref: 6C97F9B9
                                                                          • caerLog.LIB_HELP(00000002,Special Event,Called caerSpecialEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.,00000000,?), ref: 6C97FA3E
                                                                          • caerLog.LIB_HELP(00000002,EventPacket Header,Called caerEventPacketHeaderSetEventNumber() with negative value!), ref: 6C97FA7D
                                                                          • caerLog.LIB_HELP(00000002,Special Event,Called caerSpecialEventValidate() on already valid event.), ref: 6C97FAAF
                                                                          • caerLog.LIB_HELP(00000002,EventPacket Container,Called caerEventPacketContainerSetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!,00000000,?), ref: 6C97FACE
                                                                          Strings
                                                                          • Dropped EventPacket Container because ring-buffer full! This means your processing loop is not keeping up with new data ready to be read from caerDeviceDataGet()., xrefs: 6C97F900
                                                                          • Called caerEventPacketContainerGetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!, xrefs: 6C97F94C
                                                                          • Called caerEventPacketHeaderSetEventValid() with negative value!, xrefs: 6C97FA92
                                                                          • EventPacket Container, xrefs: 6C97F951, 6C97F9B2, 6C97FAC7
                                                                          • Failed to allocate tsReset event packet container., xrefs: 6C97F9BE
                                                                          • Called caerEventPacketHeaderSetEventNumber() with negative value!, xrefs: 6C97FA71
                                                                          • Special Event, xrefs: 6C97FA37, 6C97FAA8
                                                                          • Failed to allocate tsReset special event packet., xrefs: 6C97FA0E
                                                                          • Called caerSpecialEventValidate() on already valid event., xrefs: 6C97FAA3
                                                                          • Failed to allocate %zu bytes of memory for Event Packet Container, containing %i packets. Error: %d., xrefs: 6C97F9AD
                                                                          • Called caerSpecialEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i., xrefs: 6C97FA32
                                                                          • Called caerEventPacketContainerSetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!, xrefs: 6C97FAC2
                                                                          • EventPacket Header, xrefs: 6C97FA76, 6C97FA97
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer$Full
                                                                          • String ID: Called caerEventPacketContainerGetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!$Called caerEventPacketContainerSetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!$Called caerEventPacketHeaderSetEventNumber() with negative value!$Called caerEventPacketHeaderSetEventValid() with negative value!$Called caerSpecialEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.$Called caerSpecialEventValidate() on already valid event.$Dropped EventPacket Container because ring-buffer full! This means your processing loop is not keeping up with new data ready to be read from caerDeviceDataGet().$EventPacket Container$EventPacket Header$Failed to allocate %zu bytes of memory for Event Packet Container, containing %i packets. Error: %d.$Failed to allocate tsReset event packet container.$Failed to allocate tsReset special event packet.$Special Event
                                                                          • API String ID: 1435167524-3652802091
                                                                          • Opcode ID: 326b6c1c4b08ec24d14c8234685e629fd533062d34d546f16683cfbf82769595
                                                                          • Instruction ID: 99f33980d098b26375cf3b7a62f573e37bc38edb7ea3b3e9282e4f9aafedba40
                                                                          • Opcode Fuzzy Hash: 326b6c1c4b08ec24d14c8234685e629fd533062d34d546f16683cfbf82769595
                                                                          • Instruction Fuzzy Hash: 0C8116B2506301BBDB209F18DC81B9777A8EFA135CF040558F8587BB92E771E5158BB2
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4160697580.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000008.00000002.4160671373.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160860251.0000000000600000.00000008.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000647000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.000000000064C000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000654000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000676000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000678000.00000040.00000001.01000000.00000005.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_400000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: ADI-2 Pro$ADI-2/4 P$ASIO MADIface$CAMP$DAQ_GetDeviceInfo$DAQ_GetDeviceList$Digital Audio Interface$Fail to load Device Dll$IEPE$RME ADI-2 Pro$RME ADI-2 Pro-%d$RME ADI-2/4 PRO SE$RME ADI-2/4 PRO SE-%d$RTA$RTX ASIO$RTX6001$RTX6001-%d$Sound Card ASIO$Sound Card MME$SoundCardASIODAQO.dll$SoundCardMMEDAQ.dll$VT CAMP-2G05-%d$VT IEPE-2G05-%d$VT RTA-1G05-%d
                                                                          • API String ID: 0-3943663908
                                                                          • Opcode ID: a8db22d3b5c0b28a60870f88075574fe231336efc590b4bd0ea0303843955999
                                                                          • Instruction ID: 901b7d9a2ebff71dabbe2d52b764b2473c57da1334228c809e86e20982ebee85
                                                                          • Opcode Fuzzy Hash: a8db22d3b5c0b28a60870f88075574fe231336efc590b4bd0ea0303843955999
                                                                          • Instruction Fuzzy Hash: 45D10770A402866BDB08DBA1CD46FEE7B7DBF58704F204018F985F72C5DBB49A408B65
                                                                          APIs
                                                                          • SetupDiEnumDeviceInfo.SETUPAPI ref: 6C967E8E
                                                                          • SetupDiEnumDeviceInterfaces.SETUPAPI(?,?,?,00000000,?), ref: 6C967EA4
                                                                          • GetLastError.KERNEL32 ref: 6C967EB2
                                                                          • SetupDiEnumDeviceInfo.SETUPAPI(?,?,?), ref: 6C967EC3
                                                                          • GetLastError.KERNEL32 ref: 6C967ECD
                                                                          • SetupDiGetDeviceInterfaceDetailA.SETUPAPI(?,?,00000000,00000000,?,00000000), ref: 6C967F6C
                                                                          • GetLastError.KERNEL32 ref: 6C967F7A
                                                                          • SetupDiGetDeviceInterfaceDetailA.SETUPAPI(?,?,00000000,?,00000000,00000000), ref: 6C9680A7
                                                                          Strings
                                                                          • program assertion failed - http://msdn.microsoft.com/en-us/library/ms792901.aspx is wrong, xrefs: 6C96821A
                                                                          • {%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}, xrefs: 6C967F33, 6C967FC8, 6C96804C, 6C9680F7, 6C9681FA, 6C968282
                                                                          • could not access interface data (actual) for %s devInst %lX: %s, xrefs: 6C968115
                                                                          • Could not obtain device info data for %s index %lu: %s, xrefs: 6C96829F
                                                                          • could not allocate interface path for %s devInst %lX, xrefs: 6C9681B8, 6C968210
                                                                          • get_interface_details, xrefs: 6C968067, 6C96811A, 6C96821F, 6C9682A4
                                                                          • could not allocate interface data for %s devInst %lX, xrefs: 6C968062
                                                                          • could not access interface data (dummy) for %s devInst %lX: %s, xrefs: 6C967FE6
                                                                          • Could not obtain interface data for %s devInst %lX: %s, xrefs: 6C967F51
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: DeviceSetup$EnumErrorLast$DetailInfoInterface$Interfaces
                                                                          • String ID: Could not obtain device info data for %s index %lu: %s$Could not obtain interface data for %s devInst %lX: %s$could not access interface data (actual) for %s devInst %lX: %s$could not access interface data (dummy) for %s devInst %lX: %s$could not allocate interface data for %s devInst %lX$could not allocate interface path for %s devInst %lX$get_interface_details$program assertion failed - http://msdn.microsoft.com/en-us/library/ms792901.aspx is wrong${%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}
                                                                          • API String ID: 214911942-2054575212
                                                                          • Opcode ID: fa0cdbd4c8c8a6418a12936b080333747ec294eb3c2542191e82fe4ceb48d6ff
                                                                          • Instruction ID: dac613779f89a7fd2a7087a957d863f527b149ed0cce0aba14e16515d838f618
                                                                          • Opcode Fuzzy Hash: fa0cdbd4c8c8a6418a12936b080333747ec294eb3c2542191e82fe4ceb48d6ff
                                                                          • Instruction Fuzzy Hash: 10D1C7B61086906ED7618B668C00F77BFFCAF5E209F044C5AF6E9C1D81D629D604DB72
                                                                          APIs
                                                                          • TlsGetValue.KERNEL32(?), ref: 6C9637FB
                                                                          • InitializeCriticalSection.KERNEL32(000000AC), ref: 6C963840
                                                                          • DeleteCriticalSection.KERNEL32(?), ref: 6C9638AB
                                                                          • EnterCriticalSection.KERNEL32(0000001E), ref: 6C963917
                                                                          • LeaveCriticalSection.KERNEL32(0000001E), ref: 6C963945
                                                                          • DeleteCriticalSection.KERNEL32(?,?,?,?,?,?), ref: 6C963A75
                                                                          • EnterCriticalSection.KERNEL32(0000001E), ref: 6C963AE1
                                                                          • LeaveCriticalSection.KERNEL32(0000001E), ref: 6C963B0F
                                                                          • DeleteCriticalSection.KERNEL32(?), ref: 6C963C1D
                                                                          • EnterCriticalSection.KERNEL32(0000001E), ref: 6C963C89
                                                                          • LeaveCriticalSection.KERNEL32(0000001E), ref: 6C963CB7
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalSection$DeleteEnterLeave$InitializeValue
                                                                          • String ID: destroy device %d.%d$libusb_control_transfer$libusb_free_transfer$libusb_unref_device$transfer %p$unrecognised status code %d
                                                                          • API String ID: 3567458754-2755299374
                                                                          • Opcode ID: 4de989ac564f889c3ae5cbe8f130924de17a7c27896247f08ecff7ee673f77f7
                                                                          • Instruction ID: 8be8a1e9c184644ac108b3c8877e4ab7ee462ef146210de0da6ff5eba5183d66
                                                                          • Opcode Fuzzy Hash: 4de989ac564f889c3ae5cbe8f130924de17a7c27896247f08ecff7ee673f77f7
                                                                          • Instruction Fuzzy Hash: E4E1B2B59043419BEB00CF39C944B67BBE8BF55318F144958E899DBB92D730E918CBA2
                                                                          APIs
                                                                          • caerLog.LIB_HELP(00000007,davisOpenInternal,Initializing %s.,DAVIS), ref: 6C988863
                                                                            • Part of subcall function 6C971B50: caerLogVAFull.LIB_HELP(?,?,?,?,?), ref: 6C971B69
                                                                          • caerLog.LIB_HELP(00000002,davisOpenInternal,Failed to allocate memory for device handle.), ref: 6C988889
                                                                          • caerLogLevelGet.LIB_HELP ref: 6C9888EA
                                                                          Strings
                                                                          • Unable to submit libusb transfer %zu (debug channel). Error: %s (%d)., xrefs: 6C988C3B
                                                                          • Failed to generate USB information string., xrefs: 6C9889DB
                                                                          • Unable to allocate any libusb transfers (debug channel)., xrefs: 6C988C6E
                                                                          • DAVIS, xrefs: 6C98884C, 6C988902
                                                                          • DAVIS ID-%hu SN-%s [%hhu:%hhu], xrefs: 6C988AA1
                                                                          • Initialized device successfully with USB Bus=%hhu:Addr=%hhu., xrefs: 6C988C88
                                                                          • Failed to open device, no matching device could be found or opened., xrefs: 6C988A21
                                                                          • Unable to allocate further libusb transfers (debug channel, %zu of %u)., xrefs: 6C988B80
                                                                          • Failed to open device, see above log message for more information (errno=%d)., xrefs: 6C988A56
                                                                          • Initializing %s., xrefs: 6C988851
                                                                          • davisOpenInternal, xrefs: 6C988856, 6C988882
                                                                          • Failed to allocate memory for device handle., xrefs: 6C98887D
                                                                          • Unable to allocate buffer for libusb transfer %zu (debug channel). Error: %d., xrefs: 6C988BBB
                                                                          • %s ID-%hu, xrefs: 6C988907
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer$FullLevel
                                                                          • String ID: %s ID-%hu$DAVIS$DAVIS ID-%hu SN-%s [%hhu:%hhu]$Failed to allocate memory for device handle.$Failed to generate USB information string.$Failed to open device, no matching device could be found or opened.$Failed to open device, see above log message for more information (errno=%d).$Initialized device successfully with USB Bus=%hhu:Addr=%hhu.$Initializing %s.$Unable to allocate any libusb transfers (debug channel).$Unable to allocate buffer for libusb transfer %zu (debug channel). Error: %d.$Unable to allocate further libusb transfers (debug channel, %zu of %u).$Unable to submit libusb transfer %zu (debug channel). Error: %s (%d).$davisOpenInternal
                                                                          • API String ID: 1165663149-1902408903
                                                                          • Opcode ID: aff005e5eac8c90ce77e0c2b799b8490ac621107a8046e1a7b8eba424dcd22fa
                                                                          • Instruction ID: 35988b1ac3a6a5ae75d888bf04ee9cec12c2ada16dad4c423357eae272d4b838
                                                                          • Opcode Fuzzy Hash: aff005e5eac8c90ce77e0c2b799b8490ac621107a8046e1a7b8eba424dcd22fa
                                                                          • Instruction Fuzzy Hash: 7FC168B19057007EE7109B24CC41FAB77A8AFB6708F480916F6486BF91EB75E118C7A7
                                                                          APIs
                                                                          • GetQueuedCompletionStatus.KERNEL32(?,?,?,?), ref: 6C966C1A
                                                                          • EnterCriticalSection.KERNEL32(00000000), ref: 6C966C66
                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C966C88
                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 6C966CD5
                                                                          • LeaveCriticalSection.KERNEL32(00000000), ref: 6C966CF7
                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C966D5F
                                                                          • SetEvent.KERNEL32(?), ref: 6C966D94
                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 6C966DBD
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalSection$EnterLeave$CompletionEventQueuedStatus
                                                                          • String ID: GetQueuedCompletionStatus failed: %s$I/O completion thread exiting$I/O completion thread started$SetEvent failed: %s$ignoring overlapped %p for handle %p$program assertion failed - overlapped is NULL$transfer %p completed, length %lu$usbi_signal_event$windows_iocp_thread
                                                                          • API String ID: 1383050636-112678196
                                                                          • Opcode ID: a68f5ab0066b0c8538fa8b0de72c25edabf0a9237bc1a7f82b21bc1dd6054c55
                                                                          • Instruction ID: 537065c10e6f7d5ac03dc451766bb8b3751530708246c6a1420122158dc4bd30
                                                                          • Opcode Fuzzy Hash: a68f5ab0066b0c8538fa8b0de72c25edabf0a9237bc1a7f82b21bc1dd6054c55
                                                                          • Instruction Fuzzy Hash: D4618DB5604705AFE310DF26C940B9BB7B8FB9530CF104969E686E7E92D331E509CB91
                                                                          APIs
                                                                          • caerLog.LIB_HELP(00000002,Special Event,Called caerSpecialEventSetTimestamp() with negative value!), ref: 6C985668
                                                                          • caerLog.LIB_HELP(00000002,Special Event,Called caerSpecialEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.,?,?), ref: 6C9856FA
                                                                          • caerLog.LIB_HELP(00000002,Special Event,Called caerSpecialEventSetTimestamp() with negative value!), ref: 6C985717
                                                                          • caerLog.LIB_HELP(00000002,Special Event,Called caerSpecialEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.,?,?), ref: 6C98579F
                                                                          • caerLog.LIB_HELP(00000002,Special Event,Called caerSpecialEventSetTimestamp() with negative value!), ref: 6C9857BC
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer
                                                                          • String ID: Called caerSpecialEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.$Called caerSpecialEventSetTimestamp() with negative value!$Caught special event that can't be handled: %d.$Caught special reserved event!$External input (falling edge) event received.$External input (pulse) event received.$External input (rising edge) event received.$IMU6 Start event received.$Special Event$Timestamp reset event received.
                                                                          • API String ID: 3879971092-1048355700
                                                                          • Opcode ID: ef559536708e136694a05079859482930ff53304ba76ee0361b5476e2164d4f5
                                                                          • Instruction ID: 99ed5bc07a7c3129a09fbef7d7aa2bfaf9091fb02281a6b3fcc62287e1bcce82
                                                                          • Opcode Fuzzy Hash: ef559536708e136694a05079859482930ff53304ba76ee0361b5476e2164d4f5
                                                                          • Instruction Fuzzy Hash: D6A1F5B1652B00ABE720CF28CD81F97B7A4AF61749F040D1DE4AADBA81E731E118CF51
                                                                          APIs
                                                                            • Part of subcall function 6C97DD30: caerLogVAFull.LIB_HELP(6C97E565,?,?,6C97E565,6C97E565,6C97E565,00000002,?,Failed to send chip config, USB transfer failed on verification.,?,?,?,?,?,?,6C97BF19), ref: 6C97DD57
                                                                          • CreateWaitableTimerA.KERNEL32(00000000,00000001,00000000), ref: 6C97E2A4
                                                                          • SetWaitableTimer.KERNEL32(00000000,?,00000000,00000000,00000000,00000000), ref: 6C97E2BA
                                                                          • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 6C97E2C3
                                                                          • CloseHandle.KERNEL32(00000000), ref: 6C97E2CA
                                                                          Strings
                                                                          • Programming default SRAM U1 ..., xrefs: 6C97E1FE
                                                                          • Clearing SRAM U0 ..., xrefs: 6C97E10C
                                                                          • Programming default SRAM ..., xrefs: 6C97E1C9
                                                                          • Programming default SRAM U2 ..., xrefs: 6C97E223
                                                                          • Programming default SRAM U0 ..., xrefs: 6C97E1D6
                                                                          • Clearing SRAM U1 ..., xrefs: 6C97E134
                                                                          • Programming default SRAM U3 ..., xrefs: 6C97E24B
                                                                          • Clearing SRAM U3 ..., xrefs: 6C97E181
                                                                          • Clearing SRAM ..., xrefs: 6C97E0FF
                                                                          • Clearing SRAM U2 ..., xrefs: 6C97E159
                                                                          • Initializing device ..., xrefs: 6C97E0B7
                                                                          • Device initialized., xrefs: 6C97E2D0
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: TimerWaitable$CloseCreateFullHandleObjectSingleWaitcaer
                                                                          • String ID: Clearing SRAM ...$Clearing SRAM U0 ...$Clearing SRAM U1 ...$Clearing SRAM U2 ...$Clearing SRAM U3 ...$Device initialized.$Initializing device ...$Programming default SRAM ...$Programming default SRAM U0 ...$Programming default SRAM U1 ...$Programming default SRAM U2 ...$Programming default SRAM U3 ...
                                                                          • API String ID: 4109839672-458066774
                                                                          • Opcode ID: e1fdd190bd3dba408a4290dd195a7f57bac5b890fc38731af43956dc734a9d22
                                                                          • Instruction ID: a491a16ddd91cbe51070d75c1f01c0dc98ba491b76f5f84e3f714010a5ed732e
                                                                          • Opcode Fuzzy Hash: e1fdd190bd3dba408a4290dd195a7f57bac5b890fc38731af43956dc734a9d22
                                                                          • Instruction Fuzzy Hash: 1361C6717D230075FA36B6609C8BFFF14294BB2F8AF500418B3067CAC1ABD9B149657A
                                                                          APIs
                                                                          • EnterCriticalSection.KERNEL32(?,00000000,00000000,76ECE820,?,?,?,?,?,?,?,6C962DB1), ref: 6C962859
                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 6C962998
                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C962A1F
                                                                          • ResetEvent.KERNEL32(?), ref: 6C962A6E
                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 6C962A97
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalSection$EnterLeave$EventReset
                                                                          • String ID: ResetEvent failed: %s$backend handle_transfer_completion failed with error %d$event triggered$handle_event_trigger$hotplug message received$someone is closing a device$someone purposefully interrupted$someone unregistered a hotplug cb$someone updated the event sources$usbi_clear_event
                                                                          • API String ID: 3754699133-2911248911
                                                                          • Opcode ID: 0bbdcdc25c060a715865241c61cc842f0f1c9d5c4cf69d36745daace6223aeef
                                                                          • Instruction ID: 5c33e9d5403c9fa5af1c78e75ca79ce42167b057f60908c88a802a61131b6c6c
                                                                          • Opcode Fuzzy Hash: 0bbdcdc25c060a715865241c61cc842f0f1c9d5c4cf69d36745daace6223aeef
                                                                          • Instruction Fuzzy Hash: 8E718FB0508706AFD310CF15C944B9ABBE8BF95318F104A6CF49AA7B81E770E605CB95
                                                                          APIs
                                                                          • caerLog.LIB_HELP(00000002,Polarity Event,Called caerPolarityEventPacketGetEventConst() with invalid event offset %i, while maximum allowed value is %i.,00000000,?), ref: 6C98BEB2
                                                                          • caerLog.LIB_HELP(00000002,Polarity Event,Called caerPolarityEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.,00000000,?), ref: 6C98BF2F
                                                                          • caerLog.LIB_HELP(00000002,Polarity Event,Called caerPolarityEventInvalidate() on already invalid event.), ref: 6C98C0DE
                                                                            • Part of subcall function 6C98CBE0: caerLogVAFull.LIB_HELP(6C98CE09,?,DVS Noise Filter,6C98CE09,6C98CE09,6C98CE09,00000003,?,HotPixel Learning: failed to allocate memory for hot pixels array.,?,?,?,?,?,00000000,?), ref: 6C98CC08
                                                                          • caerLog.LIB_HELP(00000002,Polarity Event,Called caerPolarityEventInvalidate() on already invalid event.), ref: 6C98C120
                                                                          Strings
                                                                          • Called caerEventPacketHeaderSetEventValid() with negative value!, xrefs: 6C98C09C, 6C98C0C1, 6C98C1F0
                                                                          • Called caerPolarityEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i., xrefs: 6C98BF23
                                                                          • Polarity Event, xrefs: 6C98BEAB, 6C98BF28, 6C98C0D7, 6C98C119, 6C98C206
                                                                          • Called caerPolarityEventPacketGetEventConst() with invalid event offset %i, while maximum allowed value is %i., xrefs: 6C98BEA6
                                                                          • Called caerPolarityEventInvalidate() on already invalid event., xrefs: 6C98C0D2, 6C98C114, 6C98C201
                                                                          • HotPixel Learning: started on ts=%lli., xrefs: 6C98BEE0
                                                                          • HotPixel Learning: completed on ts=%lli., xrefs: 6C98BFE5
                                                                          • EventPacket Header, xrefs: 6C98C0A1, 6C98C0C6, 6C98C1F5
                                                                          • HotPixel Learning: failed to allocate memory for learning map., xrefs: 6C98BE81
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer$Full
                                                                          • String ID: Called caerEventPacketHeaderSetEventValid() with negative value!$Called caerPolarityEventInvalidate() on already invalid event.$Called caerPolarityEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.$Called caerPolarityEventPacketGetEventConst() with invalid event offset %i, while maximum allowed value is %i.$EventPacket Header$HotPixel Learning: completed on ts=%lli.$HotPixel Learning: failed to allocate memory for learning map.$HotPixel Learning: started on ts=%lli.$Polarity Event
                                                                          • API String ID: 1435167524-946775423
                                                                          • Opcode ID: 5ab67a63fc48b7260961cf8763b5f6c4411264318e208e0d052fac15610f99d1
                                                                          • Instruction ID: a661d62fe2f4a91d83de213741ae1ba30c1fae9ae90c4f069e09e7587112c087
                                                                          • Opcode Fuzzy Hash: 5ab67a63fc48b7260961cf8763b5f6c4411264318e208e0d052fac15610f99d1
                                                                          • Instruction Fuzzy Hash: F2D1E171A0A780AFD724DF29C880B2BBBE5BF95308F044E1DF99697A91D334E544CB52
                                                                          APIs
                                                                          • SleepEx.KERNEL32(00000000,00000001,?,?,?,?), ref: 6C9658B5
                                                                          • SleepEx.KERNEL32(00000000,00000001,?,?,?,?), ref: 6C965914
                                                                          • InitializeCriticalSection.KERNEL32(0000001C), ref: 6C9659DD
                                                                          • InitializeCriticalSection.KERNEL32(0000003C), ref: 6C9659E3
                                                                          • SleepEx.KERNEL32(00000000,00000001), ref: 6C965AB5
                                                                          • SleepEx.KERNEL32(00000000,00000001), ref: 6C965B14
                                                                          • DeleteCriticalSection.KERNEL32(0000003C), ref: 6C965B79
                                                                          • DeleteCriticalSection.KERNEL32(0000001C), ref: 6C965B7F
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalSectionSleep$DeleteInitialize
                                                                          • String ID: LIBUSB_DEBUG$created default context$installing new context as implicit default$libusb v%u.%u.%u.%u%s$libusb_init_context$reusing default context
                                                                          • API String ID: 3952809435-689309766
                                                                          • Opcode ID: dda261827fb3512d7bf7d82ccc7e1318216e279070b8f2832f85b6518458b56f
                                                                          • Instruction ID: 75c7e4530522c3ca77f811f806d18cd1a0f9c01890ead5a8eb7ba75d042ef21d
                                                                          • Opcode Fuzzy Hash: dda261827fb3512d7bf7d82ccc7e1318216e279070b8f2832f85b6518458b56f
                                                                          • Instruction Fuzzy Hash: A4918CB1609310DFFB12CF26C881B5673E8BB56319F20482AE645DBEC1EB71D548CB96
                                                                          APIs
                                                                          • GetOverlappedResult.KERNEL32(?,?,?,00000000,-0000000C,?,?,?,00000000,6C9629D8,?), ref: 6C9673EF
                                                                          • GetLastError.KERNEL32(?,?,?,00000000,6C9629D8,?), ref: 6C9673FD
                                                                          • EnterCriticalSection.KERNEL32(00000084), ref: 6C967572
                                                                          • LeaveCriticalSection.KERNEL32(00000084), ref: 6C96757C
                                                                            • Part of subcall function 6C962430: EnterCriticalSection.KERNEL32(00000084), ref: 6C96245B
                                                                            • Part of subcall function 6C962430: LeaveCriticalSection.KERNEL32(00000084), ref: 6C9624CA
                                                                            • Part of subcall function 6C962430: EnterCriticalSection.KERNEL32(?), ref: 6C9624F1
                                                                            • Part of subcall function 6C962430: LeaveCriticalSection.KERNEL32(?), ref: 6C9624FF
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalSection$EnterLeave$ErrorLastOverlappedResult
                                                                          • String ID: detected I/O error %lu: %s$detected device removed$detected endpoint stall$detected operation aborted$detected semaphore timeout$detected timeout cancellation$failed to copy partial data in aborted operation: %d$handling transfer %p completion with errcode %lu, length %lu$usbi_handle_transfer_cancellation$windows_handle_transfer_completion
                                                                          • API String ID: 1024593976-2516433399
                                                                          • Opcode ID: a1cc1c96da39cbc1c643dc62db16c7f751e85231b0fd3f66b6c308567d1c2270
                                                                          • Instruction ID: e19564d4c29afaac46032f285e48c35c4376df0c86a694e02cbc0a5af02a9a70
                                                                          • Opcode Fuzzy Hash: a1cc1c96da39cbc1c643dc62db16c7f751e85231b0fd3f66b6c308567d1c2270
                                                                          • Instruction Fuzzy Hash: 845135B6644200BBF7009F2ADD88FAF7758ABA035CF100469FA59A7EC1C775D98483E5
                                                                          Strings
                                                                          • EventPacket Container, xrefs: 6C974CCD, 6C974D2A, 6C974D88, 6C974E2D
                                                                          • Timestamps: non strictly-monotonic timestamp detected: lastTimestamp=%i, currentTimestamp=%i, difference=%i., xrefs: 6C973C5F
                                                                          • Failed to allocate event packet container., xrefs: 6C974E3D
                                                                          • Failed to allocate %zu bytes of memory for Event Packet Container, containing %i packets. Error: %d., xrefs: 6C974E28
                                                                          • %zu bytes received via USB, which is not a multiple of two., xrefs: 6C973B01
                                                                          • Called caerEventPacketContainerSetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!, xrefs: 6C974CC8, 6C974D25, 6C974D83
                                                                          • Failed to allocate IMU6 event packet., xrefs: 6C974E73
                                                                          • Failed to allocate polarity event packet., xrefs: 6C973BD6
                                                                          • Failed to allocate special event packet., xrefs: 6C974E5B
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: Fullcaer
                                                                          • String ID: %zu bytes received via USB, which is not a multiple of two.$Called caerEventPacketContainerSetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!$EventPacket Container$Failed to allocate %zu bytes of memory for Event Packet Container, containing %i packets. Error: %d.$Failed to allocate IMU6 event packet.$Failed to allocate event packet container.$Failed to allocate polarity event packet.$Failed to allocate special event packet.$Timestamps: non strictly-monotonic timestamp detected: lastTimestamp=%i, currentTimestamp=%i, difference=%i.
                                                                          • API String ID: 3514026218-2206376575
                                                                          • Opcode ID: f8aae9990b537349c3b9aaccfe1c60612dd9c4062b4d3a133db0e31e15fd013c
                                                                          • Instruction ID: 8031457a6d9b18753f99a3f484fe98f4b15990df9cbd2c3119bb93828e8e4da7
                                                                          • Opcode Fuzzy Hash: f8aae9990b537349c3b9aaccfe1c60612dd9c4062b4d3a133db0e31e15fd013c
                                                                          • Instruction Fuzzy Hash: A6C1F5B1546741AFE330CF24C851BA7B7E8BF91318F04492DE5A946A92E371E448CF72
                                                                          Strings
                                                                          • EventPacket Container, xrefs: 6C97A0CB, 6C97A128, 6C97A186, 6C97A227
                                                                          • Timestamps: non strictly-monotonic timestamp detected: lastTimestamp=%i, currentTimestamp=%i, difference=%i., xrefs: 6C97916A
                                                                          • Failed to allocate event packet container., xrefs: 6C97A237
                                                                          • Failed to allocate %zu bytes of memory for Event Packet Container, containing %i packets. Error: %d., xrefs: 6C97A222
                                                                          • %zu bytes received via USB, which is not a multiple of two., xrefs: 6C979011
                                                                          • Called caerEventPacketContainerSetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!, xrefs: 6C97A0C6, 6C97A123, 6C97A181
                                                                          • Failed to allocate IMU6 event packet., xrefs: 6C97A25C
                                                                          • Failed to allocate polarity event packet., xrefs: 6C9790EC
                                                                          • Failed to allocate special event packet., xrefs: 6C97A255
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: Fullcaer
                                                                          • String ID: %zu bytes received via USB, which is not a multiple of two.$Called caerEventPacketContainerSetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!$EventPacket Container$Failed to allocate %zu bytes of memory for Event Packet Container, containing %i packets. Error: %d.$Failed to allocate IMU6 event packet.$Failed to allocate event packet container.$Failed to allocate polarity event packet.$Failed to allocate special event packet.$Timestamps: non strictly-monotonic timestamp detected: lastTimestamp=%i, currentTimestamp=%i, difference=%i.
                                                                          • API String ID: 3514026218-2206376575
                                                                          • Opcode ID: 9c859194dc028e3c7382ad9887a03fb40f4c7af3c6006584efb467d99f0ee785
                                                                          • Instruction ID: 0ff862de7bc80569e6d427ccf2638901ae32a8c0a240595cdc40d7ea5d04c79f
                                                                          • Opcode Fuzzy Hash: 9c859194dc028e3c7382ad9887a03fb40f4c7af3c6006584efb467d99f0ee785
                                                                          • Instruction Fuzzy Hash: 26C1F5B1646642EFE724CF24C845BD6F7E4FF56308F040618E56887A91E732E568CBB1
                                                                          APIs
                                                                          • caerLog.LIB_HELP(00000007,dvs128Open,Initializing %s.,DVS128), ref: 6C98A2F3
                                                                            • Part of subcall function 6C971B50: caerLogVAFull.LIB_HELP(?,?,?,?,?), ref: 6C971B69
                                                                          • caerLog.LIB_HELP(00000002,dvs128Open,Failed to allocate memory for device handle.), ref: 6C98A319
                                                                          • caerLogLevelGet.LIB_HELP ref: 6C98A367
                                                                          Strings
                                                                          • Failed to open device, no matching device could be found or opened., xrefs: 6C98A3FF
                                                                          • Failed to generate USB information string., xrefs: 6C98A472
                                                                          • Failed to open device, see above log message for more information (errno=%d)., xrefs: 6C98A434
                                                                          • DVS128, xrefs: 6C98A2DC, 6C98A386
                                                                          • DVS128 ID-%hu SN-%s [%hhu:%hhu], xrefs: 6C98A4C0
                                                                          • Initializing %s., xrefs: 6C98A2E1
                                                                          • Failed to allocate memory for device handle., xrefs: 6C98A30D
                                                                          • dvs128Open, xrefs: 6C98A2E6, 6C98A312
                                                                          • Initialized device successfully with USB Bus=%hhu:Addr=%hhu., xrefs: 6C98A56D
                                                                          • %s ID-%hu, xrefs: 6C98A38B
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer$FullLevel
                                                                          • String ID: %s ID-%hu$DVS128$DVS128 ID-%hu SN-%s [%hhu:%hhu]$Failed to allocate memory for device handle.$Failed to generate USB information string.$Failed to open device, no matching device could be found or opened.$Failed to open device, see above log message for more information (errno=%d).$Initialized device successfully with USB Bus=%hhu:Addr=%hhu.$Initializing %s.$dvs128Open
                                                                          • API String ID: 1165663149-1030940228
                                                                          • Opcode ID: 772cb501efdf236da22edc3dcced614538dbf4dbcd6268b833107a00dc85a979
                                                                          • Instruction ID: f264db3890afc32955fedc362eea5c499e513f123c828f82f1036ca26d6b779e
                                                                          • Opcode Fuzzy Hash: 772cb501efdf236da22edc3dcced614538dbf4dbcd6268b833107a00dc85a979
                                                                          • Instruction Fuzzy Hash: 286127715053402AD3219B759C01FAB77E8AFB6618F440E1AF689A3FD1EB35E10887A3
                                                                          APIs
                                                                          • caerLog.LIB_HELP(00000007,dynapseOpen,Initializing %s.,Dynap-se), ref: 6C97DD93
                                                                            • Part of subcall function 6C971B50: caerLogVAFull.LIB_HELP(?,?,?,?,?), ref: 6C971B69
                                                                          • caerLog.LIB_HELP(00000002,dynapseOpen,Failed to allocate memory for device handle.), ref: 6C97DDB9
                                                                          • caerLogLevelGet.LIB_HELP ref: 6C97DE0E
                                                                          Strings
                                                                          • Failed to open device, no matching device could be found or opened., xrefs: 6C97DE9F
                                                                          • Failed to generate USB information string., xrefs: 6C97DF12
                                                                          • %s %hu, xrefs: 6C97DE32
                                                                          • Dynap-se, xrefs: 6C97DD7C, 6C97DE2D
                                                                          • Failed to open device, see above log message for more information (errno=%d)., xrefs: 6C97DED4
                                                                          • Dynap-se ID-%hu SN-%s [%hhu:%hhu], xrefs: 6C97DF60
                                                                          • Initializing %s., xrefs: 6C97DD81
                                                                          • Failed to allocate memory for device handle., xrefs: 6C97DDAD
                                                                          • Initialized device successfully with USB Bus=%hhu:Addr=%hhu., xrefs: 6C97E004
                                                                          • dynapseOpen, xrefs: 6C97DD86, 6C97DDB2
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer$FullLevel
                                                                          • String ID: %s %hu$Dynap-se$Dynap-se ID-%hu SN-%s [%hhu:%hhu]$Failed to allocate memory for device handle.$Failed to generate USB information string.$Failed to open device, no matching device could be found or opened.$Failed to open device, see above log message for more information (errno=%d).$Initialized device successfully with USB Bus=%hhu:Addr=%hhu.$Initializing %s.$dynapseOpen
                                                                          • API String ID: 1165663149-3787640237
                                                                          • Opcode ID: c4b5b670672c61c8184c59cdd29b43d896f371555a59ba3d92fe1f2eda3e04a5
                                                                          • Instruction ID: f493e812dc803ba97e6322b66888adb8a9932c4282af802e044f014a4baabd6c
                                                                          • Opcode Fuzzy Hash: c4b5b670672c61c8184c59cdd29b43d896f371555a59ba3d92fe1f2eda3e04a5
                                                                          • Instruction Fuzzy Hash: DE6139B25053402AD32157649C41FFF77E8AFB6618F480D19F68966F91EB35E10887B3
                                                                          APIs
                                                                          • caerLog.LIB_HELP(00000002,EventPacket Container,Called caerEventPacketContainerGetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!,?,?), ref: 6C9727A8
                                                                            • Part of subcall function 6C971B50: caerLogVAFull.LIB_HELP(?,?,?,?,?), ref: 6C971B69
                                                                            • Part of subcall function 6C9721A0: caerLog.LIB_HELP(00000002,Generic Event,Called caerGenericEventGetEvent() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!,00000000,?), ref: 6C97221D
                                                                          • caerLog.LIB_HELP(00000002,EventPacket Container,Failed to allocate %zu bytes of memory for Event Packet Container, containing %i packets. Error: %d.,00000020,00000001,00000000), ref: 6C972809
                                                                          • caerLog.LIB_HELP(00000002,Special Event,Called caerSpecialEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.,00000000,?), ref: 6C97288E
                                                                          • caerLog.LIB_HELP(00000002,EventPacket Container,Called caerEventPacketContainerSetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!,00000000,?), ref: 6C9728D1
                                                                          Strings
                                                                          • Dropped EventPacket Container because ring-buffer full! This means your processing loop is not keeping up with new data ready to be read from caerDeviceDataGet()., xrefs: 6C972750
                                                                          • Called caerEventPacketContainerGetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!, xrefs: 6C97279C
                                                                          • EventPacket Container, xrefs: 6C9727A1, 6C972802, 6C9728CA
                                                                          • Failed to allocate tsReset event packet container., xrefs: 6C97280E
                                                                          • Failed to allocate %zu bytes of memory for Event Packet Container, containing %i packets. Error: %d., xrefs: 6C9727FD
                                                                          • Special Event, xrefs: 6C972887
                                                                          • Failed to allocate tsReset special event packet., xrefs: 6C97285E
                                                                          • Called caerSpecialEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i., xrefs: 6C972882
                                                                          • Called caerEventPacketContainerSetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!, xrefs: 6C9728C5
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer$Full
                                                                          • String ID: Called caerEventPacketContainerGetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!$Called caerEventPacketContainerSetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!$Called caerSpecialEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.$Dropped EventPacket Container because ring-buffer full! This means your processing loop is not keeping up with new data ready to be read from caerDeviceDataGet().$EventPacket Container$Failed to allocate %zu bytes of memory for Event Packet Container, containing %i packets. Error: %d.$Failed to allocate tsReset event packet container.$Failed to allocate tsReset special event packet.$Special Event
                                                                          • API String ID: 1435167524-2218194054
                                                                          • Opcode ID: 37aec4d810a4d10ba38d5ac69ae3dc29e6ce62969812daf8ec1ff3b437e14d3c
                                                                          • Instruction ID: 1fe14dd8189b93cdbb1e33a6fbd6248859e35782e06e04e57c7fe47e1019cfbb
                                                                          • Opcode Fuzzy Hash: 37aec4d810a4d10ba38d5ac69ae3dc29e6ce62969812daf8ec1ff3b437e14d3c
                                                                          • Instruction Fuzzy Hash: 03717A71502B00EBDB209F24DD44B9777E8EFA1718F040558F9586BB92E331E514C7B2
                                                                          APIs
                                                                          • caerLog.LIB_HELP(00000002,Polarity Event,Called caerPolarityEventSetTimestamp() with negative value!), ref: 6C986299
                                                                          • caerLog.LIB_HELP(00000002,EventPacket Header,Called caerEventPacketHeaderSetEventNumber() with negative value!), ref: 6C986324
                                                                          • caerLog.LIB_HELP(00000002,Polarity Event,Called caerPolarityEventValidate() on already valid event.), ref: 6C98635F
                                                                            • Part of subcall function 6C9887A0: caerLogVAFull.LIB_HELP(?,?,?,?,?,6C988D7B,00000002,?,Failed to grow event packet of type %d.,?,?,?,?,?,6C9831D3,?), ref: 6C9887C7
                                                                          Strings
                                                                          • Called caerPolarityEventValidate() on already valid event., xrefs: 6C986353
                                                                          • Called caerEventPacketHeaderSetEventValid() with negative value!, xrefs: 6C986339
                                                                          • Called caerPolarityEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i., xrefs: 6C986270
                                                                          • DVS: X address out of range (0-%d): %hu., xrefs: 6C986215
                                                                          • Polarity Event, xrefs: 6C986275, 6C986292, 6C986358
                                                                          • Called caerEventPacketHeaderSetEventNumber() with negative value!, xrefs: 6C986318
                                                                          • EventPacket Header, xrefs: 6C98631D, 6C98633E
                                                                          • Called caerPolarityEventSetTimestamp() with negative value!, xrefs: 6C98628D
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer$Full
                                                                          • String ID: Called caerEventPacketHeaderSetEventNumber() with negative value!$Called caerEventPacketHeaderSetEventValid() with negative value!$Called caerPolarityEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.$Called caerPolarityEventSetTimestamp() with negative value!$Called caerPolarityEventValidate() on already valid event.$DVS: X address out of range (0-%d): %hu.$EventPacket Header$Polarity Event
                                                                          • API String ID: 1435167524-3714616800
                                                                          APIs
                                                                            • Part of subcall function 6C9887A0: caerLogVAFull.LIB_HELP(?,?,?,?,?,6C988D7B,00000002,?,Failed to grow event packet of type %d.,?,?,?,?,?,6C9831D3,?), ref: 6C9887C7
                                                                          • caerLog.LIB_HELP(00000002,IMU6 Event,Called caerIMU6EventSetTimestamp() with negative value!), ref: 6C985860
                                                                            • Part of subcall function 6C971B50: caerLogVAFull.LIB_HELP(?,?,?,?,?), ref: 6C971B69
                                                                          • caerLog.LIB_HELP(00000002,EventPacket Header,Called caerEventPacketHeaderSetEventNumber() with negative value!), ref: 6C98589A
                                                                          • caerLog.LIB_HELP(00000002,IMU6 Event,Called caerIMU6EventValidate() on already valid event.), ref: 6C9858CC
                                                                          • caerLog.LIB_HELP(00000002,IMU6 Event,Called caerIMU6EventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.,?,?), ref: 6C985926
                                                                          Strings
                                                                          • Called caerEventPacketHeaderSetEventValid() with negative value!, xrefs: 6C9858AF
                                                                          • Called caerEventPacketHeaderSetEventNumber() with negative value!, xrefs: 6C98588E
                                                                          • IMU6 Event, xrefs: 6C985859, 6C9858C5, 6C98591F
                                                                          • Called caerIMU6EventValidate() on already valid event., xrefs: 6C9858C0
                                                                          • IMU End: failed to validate IMU sample count (%hhu), discarding samples., xrefs: 6C98595D
                                                                          • Called caerIMU6EventSetTimestamp() with negative value!, xrefs: 6C985854
                                                                          • EventPacket Header, xrefs: 6C985893, 6C9858B4
                                                                          • Called caerIMU6EventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i., xrefs: 6C98591A
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer$Full
                                                                          • String ID: Called caerEventPacketHeaderSetEventNumber() with negative value!$Called caerEventPacketHeaderSetEventValid() with negative value!$Called caerIMU6EventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.$Called caerIMU6EventSetTimestamp() with negative value!$Called caerIMU6EventValidate() on already valid event.$EventPacket Header$IMU End: failed to validate IMU sample count (%hhu), discarding samples.$IMU6 Event
                                                                          • API String ID: 1435167524-2126180590
                                                                          APIs
                                                                          • EnterCriticalSection.KERNEL32(00000084,00000000,?,?,6C98B0C6,00000000,00000000,00000000), ref: 6C962265
                                                                          • EnterCriticalSection.KERNEL32(-0000001C), ref: 6C96226B
                                                                          • LeaveCriticalSection.KERNEL32(00000084), ref: 6C96227A
                                                                          • LeaveCriticalSection.KERNEL32(-0000001C), ref: 6C96227D
                                                                            • Part of subcall function 6C964E10: EnterCriticalSection.KERNEL32(0000001E), ref: 6C964E7B
                                                                            • Part of subcall function 6C964E10: LeaveCriticalSection.KERNEL32(0000001E), ref: 6C964EA1
                                                                          • LeaveCriticalSection.KERNEL32(00000084), ref: 6C9622B4
                                                                          • LeaveCriticalSection.KERNEL32(-0000001C), ref: 6C9622B7
                                                                          • LeaveCriticalSection.KERNEL32(00000084), ref: 6C9622C8
                                                                          • LeaveCriticalSection.KERNEL32(-0000001C), ref: 6C9622E0
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalSection$Leave$Enter
                                                                          • String ID: libusb_submit_transfer$transfer %p
                                                                          • API String ID: 2978645861-3575286421
                                                                          APIs
                                                                          • ___free_lconv_mon.LIBCMT ref: 6C9E78F7
                                                                            • Part of subcall function 6C9E90A5: _free.LIBCMT ref: 6C9E90C2
                                                                            • Part of subcall function 6C9E90A5: _free.LIBCMT ref: 6C9E90D4
                                                                            • Part of subcall function 6C9E90A5: _free.LIBCMT ref: 6C9E90E6
                                                                            • Part of subcall function 6C9E90A5: _free.LIBCMT ref: 6C9E90F8
                                                                            • Part of subcall function 6C9E90A5: _free.LIBCMT ref: 6C9E910A
                                                                            • Part of subcall function 6C9E90A5: _free.LIBCMT ref: 6C9E911C
                                                                            • Part of subcall function 6C9E90A5: _free.LIBCMT ref: 6C9E912E
                                                                            • Part of subcall function 6C9E90A5: _free.LIBCMT ref: 6C9E9140
                                                                            • Part of subcall function 6C9E90A5: _free.LIBCMT ref: 6C9E9152
                                                                            • Part of subcall function 6C9E90A5: _free.LIBCMT ref: 6C9E9164
                                                                            • Part of subcall function 6C9E90A5: _free.LIBCMT ref: 6C9E9176
                                                                            • Part of subcall function 6C9E90A5: _free.LIBCMT ref: 6C9E9188
                                                                            • Part of subcall function 6C9E90A5: _free.LIBCMT ref: 6C9E919A
                                                                          • _free.LIBCMT ref: 6C9E78EC
                                                                            • Part of subcall function 6C9E2CF5: HeapFree.KERNEL32(00000000,00000000,?,6C9E923A,?,00000000,?,00000000,?,6C9E9261,?,00000007,?,?,6C9E7A4B,?), ref: 6C9E2D0B
                                                                            • Part of subcall function 6C9E2CF5: GetLastError.KERNEL32(?,?,6C9E923A,?,00000000,?,00000000,?,6C9E9261,?,00000007,?,?,6C9E7A4B,?,?), ref: 6C9E2D1D
                                                                          • _free.LIBCMT ref: 6C9E790E
                                                                          • _free.LIBCMT ref: 6C9E7923
                                                                          • _free.LIBCMT ref: 6C9E792E
                                                                          • _free.LIBCMT ref: 6C9E7950
                                                                          • _free.LIBCMT ref: 6C9E7963
                                                                          • _free.LIBCMT ref: 6C9E7971
                                                                          • _free.LIBCMT ref: 6C9E797C
                                                                          • _free.LIBCMT ref: 6C9E79B4
                                                                          • _free.LIBCMT ref: 6C9E79BB
                                                                          • _free.LIBCMT ref: 6C9E79D8
                                                                          • _free.LIBCMT ref: 6C9E79F0
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164606236.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164577047.000000006C9D0000.00000002.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164639828.000000006C9ED000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164670106.000000006C9F5000.00000008.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9F9000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9FC000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA00000.00000040.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA27000.00000040.00000001.01000000.00000009.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                          • String ID:
                                                                          • API String ID: 161543041-0
                                                                          APIs
                                                                          • GetCurrentThreadId.KERNEL32 ref: 6C965F0C
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: CurrentThread
                                                                          • String ID: --------------------------------------------------------------------------------$LIBUSB_DEBUG$[%2ld.%06ld] [%08x] libusb: %s [%s] $[timestamp] [threadID] facility level [function call] <message>$debug$error$info$libusb: %s [%s] $unknown$warning
                                                                          • API String ID: 2882836952-1750401696
                                                                          APIs
                                                                          • GetModuleHandleW.KERNEL32(kernel32.dll,GetLogicalProcessorInformation), ref: 6CE97001
                                                                          • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 6CE97007
                                                                          • GetLogicalProcessorInformation.KERNEL32(00000000,?,00000000,kernel32.dll,GetLogicalProcessorInformation), ref: 6CE9701A
                                                                          • GetLastError.KERNEL32(00000000,?,00000000,kernel32.dll,GetLogicalProcessorInformation), ref: 6CE97027
                                                                          • GetProcessHeap.KERNEL32(00000000,?,00000000,?,00000000,kernel32.dll,GetLogicalProcessorInformation), ref: 6CE9703B
                                                                          • HeapAlloc.KERNEL32(00000000,00000000,?,00000000,?,00000000,kernel32.dll,GetLogicalProcessorInformation), ref: 6CE97041
                                                                          • GetLogicalProcessorInformation.KERNEL32(?,?,00000000,6CE970BC,?,00000000,00000000,?,00000000,?,00000000,kernel32.dll,GetLogicalProcessorInformation), ref: 6CE9705F
                                                                          • GetProcessHeap.KERNEL32(00000000,?,6CE970C3,6CE970BC,?,00000000,00000000,?,00000000,?,00000000,kernel32.dll,GetLogicalProcessorInformation), ref: 6CE970AE
                                                                          • HeapFree.KERNEL32(00000000,00000000,?,6CE970C3,6CE970BC,?,00000000,00000000,?,00000000,?,00000000,kernel32.dll,GetLogicalProcessorInformation), ref: 6CE970B4
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164882381.000000006CE94000.00000080.00000001.01000000.0000000C.sdmp, Offset: 6CE90000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164829790.000000006CE90000.00000002.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4164858981.000000006CE91000.00000040.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4164984313.000000006CF76000.00000020.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165012582.000000006CF77000.00000004.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165042277.000000006CF78000.00000008.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165076360.000000006CF79000.00000004.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165107134.000000006CF7B000.00000008.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165135771.000000006CF7C000.00000004.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165170116.000000006CF81000.00000004.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165202597.000000006CF85000.00000002.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165202597.000000006CF87000.00000002.00000001.01000000.0000000C.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6ce90000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: Heap$InformationLogicalProcessProcessor$AddressAllocErrorFreeHandleLastModuleProc
                                                                          • String ID: GetLogicalProcessorInformation$kernel32.dll
                                                                          • API String ID: 3024362138-812649623
                                                                          APIs
                                                                          • caerLog.LIB_HELP(00000002,EventPacket Container,Failed to allocate %zu bytes of memory for Event Packet Container, containing %i packets. Error: %d.,0000002C,00000004,00000000), ref: 6C985109
                                                                            • Part of subcall function 6C9887A0: caerLogVAFull.LIB_HELP(?,?,?,?,?,6C988D7B,00000002,?,Failed to grow event packet of type %d.,?,?,?,?,?,6C9831D3,?), ref: 6C9887C7
                                                                          Strings
                                                                          • EventPacket Container, xrefs: 6C985102
                                                                          • Failed to allocate frame event packet., xrefs: 6C985208
                                                                          • Failed to allocate event packet container., xrefs: 6C98511E
                                                                          • Failed to allocate %zu bytes of memory for Event Packet Container, containing %i packets. Error: %d., xrefs: 6C9850FD
                                                                          • Failed to allocate APS current event memory., xrefs: 6C98527F
                                                                          • Failed to allocate IMU6 event packet., xrefs: 6C98523E
                                                                          • Failed to initialize data exchange buffer., xrefs: 6C9850C4
                                                                          • Failed to allocate polarity event packet., xrefs: 6C98517F
                                                                          • Failed to allocate special event packet., xrefs: 6C9851B8
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer$Full
                                                                          • String ID: EventPacket Container$Failed to allocate %zu bytes of memory for Event Packet Container, containing %i packets. Error: %d.$Failed to allocate APS current event memory.$Failed to allocate IMU6 event packet.$Failed to allocate event packet container.$Failed to allocate frame event packet.$Failed to allocate polarity event packet.$Failed to allocate special event packet.$Failed to initialize data exchange buffer.
                                                                          • API String ID: 1435167524-4142778979
                                                                          APIs
                                                                          • SleepEx.KERNEL32(00000000,00000001), ref: 6C965C14
                                                                          • SleepEx.KERNEL32(00000000,00000001), ref: 6C965CB4
                                                                          • DeleteCriticalSection.KERNEL32(?), ref: 6C965D97
                                                                          • DeleteCriticalSection.KERNEL32(?), ref: 6C965D9D
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalDeleteSectionSleep
                                                                          • String ID: application left some devices open$destroying default context$device %d.%d still referenced$libusb_exit$no default context, not initialized?$not destroying default context
                                                                          • API String ID: 2931644207-1159585325
                                                                          • Opcode ID: 2328c536a5f4cb0a3cabaa3143b7faa8124d8a45ee3f7b7dd28a48ce39960367
                                                                          • Instruction ID: 2b28694cc97a7cb741406eaa2b531826ca75aec58b4adab18c5e010b1395d274
                                                                          • Opcode Fuzzy Hash: 2328c536a5f4cb0a3cabaa3143b7faa8124d8a45ee3f7b7dd28a48ce39960367
                                                                          • Instruction Fuzzy Hash: E841C171704204BFE701DE26C984B9673A8BB5630DF14456AF609EBEC2DB35E518CBD1
                                                                          APIs
                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,00000000), ref: 6C967811
                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,00000000), ref: 6C96785B
                                                                          • EnterCriticalSection.KERNEL32(?,?,?,00000000), ref: 6C9678C3
                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,00000000), ref: 6C96797C
                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,00000000), ref: 6C9679A2
                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,00000000), ref: 6C967A80
                                                                          • EnterCriticalSection.KERNEL32(?,?,?,00000000), ref: 6C967A8F
                                                                          Strings
                                                                          • libusb_unref_device, xrefs: 6C967942
                                                                          • destroy device %d.%d, xrefs: 6C96793D
                                                                          • usbi_hotplug_process, xrefs: 6C967A33
                                                                          • freeing hotplug cb %p with handle %d, xrefs: 6C967A2E
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalSection$Enter$Leave
                                                                          • String ID: destroy device %d.%d$freeing hotplug cb %p with handle %d$libusb_unref_device$usbi_hotplug_process
                                                                          • API String ID: 2801635615-2248820911
                                                                          • Opcode ID: 04d9446646d3e4e530f03a1e19f443dc585d407694de3a416468b8a7b0603ba8
                                                                          • Instruction ID: 9a6834a78a43f4b2d171f54448126ae4c4b5791bd5cfbab1f0a8bc1129eeb8e5
                                                                          • Opcode Fuzzy Hash: 04d9446646d3e4e530f03a1e19f443dc585d407694de3a416468b8a7b0603ba8
                                                                          • Instruction Fuzzy Hash: 5D81ADB4604304DFD700DF19C580A5ABBF5BF49718F148598E9999BB82E731ED05CBA2
                                                                          APIs
                                                                          • __EH_prolog3_GS.LIBCMT ref: 6C9D3A75
                                                                          • _strlen.LIBCMT ref: 6C9D3B29
                                                                          • _memcmp.LIBVCRUNTIME ref: 6C9D3B46
                                                                          • _strlen.LIBCMT ref: 6C9D3B90
                                                                          • _strlen.LIBCMT ref: 6C9D3BC6
                                                                          • _strlen.LIBCMT ref: 6C9D3BD8
                                                                          • _strlen.LIBCMT ref: 6C9D3BF2
                                                                          • _strlen.LIBCMT ref: 6C9D3C0B
                                                                          • _strlen.LIBCMT ref: 6C9D3C51
                                                                          • _strlen.LIBCMT ref: 6C9D3C76
                                                                          • _strlen.LIBCMT ref: 6C9D3C8A
                                                                            • Part of subcall function 6C9D4189: GetDlgItem.USER32(00050056,0000560D), ref: 6C9D41AC
                                                                            • Part of subcall function 6C9D4189: SendMessageA.USER32(00000000,00000147,00000000,00000000), ref: 6C9D41BC
                                                                            • Part of subcall function 6C9D15B6: _strlen.LIBCMT ref: 6C9D15CD
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164606236.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164577047.000000006C9D0000.00000002.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164639828.000000006C9ED000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164670106.000000006C9F5000.00000008.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9F9000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9FC000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA00000.00000040.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA27000.00000040.00000001.01000000.00000009.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: _strlen$H_prolog3_ItemMessageSend_memcmp
                                                                          • String ID:
                                                                          • API String ID: 3074054990-0
                                                                          • Opcode ID: f60da72e3dd64315c216c06167bd91c50c69071457099520b802cb4b9ad2bf63
                                                                          • Instruction ID: e448ed4e0a35af197011395b1498e97ab33178a0569018f4ba9a95da0b960e0c
                                                                          • Opcode Fuzzy Hash: f60da72e3dd64315c216c06167bd91c50c69071457099520b802cb4b9ad2bf63
                                                                          • Instruction Fuzzy Hash: BF6191B2D10614ABDB04CF78DC84AEDB7B8BF25318F568429E815BB741DB34F9198B90
                                                                          APIs
                                                                          • EnterCriticalSection.KERNEL32(6C9C9FCC), ref: 6C968A9D
                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C968B02
                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 6C968B42
                                                                          • LeaveCriticalSection.KERNEL32(6C9C9FCC), ref: 6C968B7E
                                                                          • LeaveCriticalSection.KERNEL32(6C9C9FCC), ref: 6C968BCA
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalSection$Leave$Enter
                                                                          • String ID: $auto-released interface %d$auto_release$failed to auto-release interface %d (%s)$interface %d$libusb_release_interface
                                                                          • API String ID: 2978645861-3865815033
                                                                          • Opcode ID: de20888871fc01c2edd95b69421c4dad30e32fab670fcddb81ac1c4026ce1b23
                                                                          • Instruction ID: 574c074ef6a48782abacc2cbcd57b0b82c217126ce3b9065ddf0086bd3ee114f
                                                                          • Opcode Fuzzy Hash: de20888871fc01c2edd95b69421c4dad30e32fab670fcddb81ac1c4026ce1b23
                                                                          • Instruction Fuzzy Hash: 713116B12042409FE714DF3A8C40E6B73F8AF89319F1A092AF885C7E81D324E904C755
                                                                          APIs
                                                                          • caerLog.LIB_HELP(00000002,EventPacket Container,Failed to allocate %zu bytes of memory for Event Packet Container, containing %i packets. Error: %d.,00000028,00000003,00000000), ref: 6C978C0C
                                                                            • Part of subcall function 6C974F20: caerLogVAFull.LIB_HELP(?,?,?,?,?,6C972947,00000007,?,Shutting down ...), ref: 6C974F39
                                                                          Strings
                                                                          • EventPacket Container, xrefs: 6C978C05
                                                                          • Failed to allocate event packet container., xrefs: 6C978C21
                                                                          • Failed to allocate %zu bytes of memory for Event Packet Container, containing %i packets. Error: %d., xrefs: 6C978C00
                                                                          • Failed to start data transfers., xrefs: 6C978DAD
                                                                          • Failed to allocate IMU6 event packet., xrefs: 6C978CF4
                                                                          • Failed to initialize data exchange buffer., xrefs: 6C978BC6
                                                                          • Failed to allocate polarity event packet., xrefs: 6C978C83
                                                                          • Failed to allocate special event packet., xrefs: 6C978CBD
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer$Full
                                                                          • String ID: EventPacket Container$Failed to allocate %zu bytes of memory for Event Packet Container, containing %i packets. Error: %d.$Failed to allocate IMU6 event packet.$Failed to allocate event packet container.$Failed to allocate polarity event packet.$Failed to allocate special event packet.$Failed to initialize data exchange buffer.$Failed to start data transfers.
                                                                          • API String ID: 1435167524-4166910298
                                                                          • Opcode ID: 1ed411ebe912675ba3f48c0ef9d9ebf996f95028d3f4f245f8c8893eea66df6c
                                                                          • Instruction ID: 27c221b71a5157cadcc50ae9d9ea1bb8861d788f2330164f04772389daf54985
                                                                          • Opcode Fuzzy Hash: 1ed411ebe912675ba3f48c0ef9d9ebf996f95028d3f4f245f8c8893eea66df6c
                                                                          • Instruction Fuzzy Hash: D07132B1782B1135F73227645C07FDA76499F71B2CF084601F71839AC2DBE0E26942BA
                                                                          APIs
                                                                          • caerLog.LIB_HELP(00000002,EventPacket Container,Failed to allocate %zu bytes of memory for Event Packet Container, containing %i packets. Error: %d.,00000028,00000003,00000000), ref: 6C97371C
                                                                            • Part of subcall function 6C974F20: caerLogVAFull.LIB_HELP(?,?,?,?,?,6C972947,00000007,?,Shutting down ...), ref: 6C974F39
                                                                          Strings
                                                                          • EventPacket Container, xrefs: 6C973715
                                                                          • Failed to allocate event packet container., xrefs: 6C973731
                                                                          • Failed to allocate %zu bytes of memory for Event Packet Container, containing %i packets. Error: %d., xrefs: 6C973710
                                                                          • Failed to start data transfers., xrefs: 6C9738BD
                                                                          • Failed to allocate IMU6 event packet., xrefs: 6C973804
                                                                          • Failed to initialize data exchange buffer., xrefs: 6C9736D6
                                                                          • Failed to allocate polarity event packet., xrefs: 6C973793
                                                                          • Failed to allocate special event packet., xrefs: 6C9737CD
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer$Full
                                                                          • String ID: EventPacket Container$Failed to allocate %zu bytes of memory for Event Packet Container, containing %i packets. Error: %d.$Failed to allocate IMU6 event packet.$Failed to allocate event packet container.$Failed to allocate polarity event packet.$Failed to allocate special event packet.$Failed to initialize data exchange buffer.$Failed to start data transfers.
                                                                          • API String ID: 1435167524-4166910298
                                                                          • Opcode ID: f090a16d02929255c10063d17f513bfc8acceb19cdad72743a707c0f7fb00cb5
                                                                          • Instruction ID: c03ad82f3a3fdc67631f1ffadc8cf59727b303834ce15f1fc3072cf3471d5c15
                                                                          • Opcode Fuzzy Hash: f090a16d02929255c10063d17f513bfc8acceb19cdad72743a707c0f7fb00cb5
                                                                          • Instruction Fuzzy Hash: D771CEB1782B10B5F73127749C47FCA6298BF71B28F100214F3187AAC2D7E1E25942BA
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: HID transfer failed: %s$hid_submit_bulk_transfer$matched endpoint %02X with interface %d$reading %d bytes (report ID: 0x00)$unable to match endpoint to an open interface - cancelling transfer$writing %d bytes (report ID: 0x%02X)
                                                                          • API String ID: 0-3615287953
                                                                          • Opcode ID: a9b0fd6c6a1737ba7151e32a8fd5293b377c7f2601589978912a4aeb6576ce32
                                                                          • Instruction ID: 2e5bea0f729230fe9945c6e8d18b721eafeb67d8a5cc4ade757aea3692858676
                                                                          • Opcode Fuzzy Hash: a9b0fd6c6a1737ba7151e32a8fd5293b377c7f2601589978912a4aeb6576ce32
                                                                          • Instruction Fuzzy Hash: B971E3B1604741ABEB00CF2ADD90F56B7E8FB4831CF580969E999C7E81E735E508C7A1
                                                                          APIs
                                                                          • DeviceIoControl.KERNEL32(?,?,00000000,?,00000000,?,00000000,?), ref: 6C96E836
                                                                          • GetLastError.KERNEL32 ref: 6C96E840
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: ControlDeviceErrorLast
                                                                          • String ID: _hid_set_report$failed to write HID Output Report: %s$invalid size (%u)$mismatched report ID (data is %02X, parameter is %02X)$program assertion failed - hid_buffer is not NULL$report ID: 0x%02X$unknown HID report type %d
                                                                          • API String ID: 2645620995-16252176
                                                                          • Opcode ID: a136b455b6406f517d2b054fabb495622b99868ed7f8697ae4493ba3f71174a4
                                                                          • Instruction ID: 8042bdd51371fdef69b3e0937ca4429d475db91fc1a20a18d1d1e1ae5bec1009
                                                                          • Opcode Fuzzy Hash: a136b455b6406f517d2b054fabb495622b99868ed7f8697ae4493ba3f71174a4
                                                                          • Instruction Fuzzy Hash: 1B414672604200ABE7109F1ADD44F9BBBE9EFD1719F144969F848E2E90D336D909C6E3
                                                                          APIs
                                                                            • Part of subcall function 6C9887A0: caerLogVAFull.LIB_HELP(?,?,?,?,?,6C988D7B,00000002,?,Failed to grow event packet of type %d.,?,?,?,?,?,6C9831D3,?), ref: 6C9887C7
                                                                          • caerLog.LIB_HELP(00000002,Frame Event,Called caerFrameEventSetTSEndOfExposure() with negative value!), ref: 6C985FDA
                                                                            • Part of subcall function 6C971B50: caerLogVAFull.LIB_HELP(?,?,?,?,?), ref: 6C971B69
                                                                          • caerLog.LIB_HELP(00000002,Special Event,Called caerSpecialEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.,?,?), ref: 6C986039
                                                                          • caerLog.LIB_HELP(00000002,Special Event,Called caerSpecialEventSetTimestamp() with negative value!), ref: 6C986056
                                                                          Strings
                                                                          • APS Exposure End event received., xrefs: 6C985FB1
                                                                          • Frame Event, xrefs: 6C985FD3
                                                                          • Called caerFrameEventSetTSEndOfExposure() with negative value!, xrefs: 6C985FCE
                                                                          • Special Event, xrefs: 6C986032, 6C98604F
                                                                          • Called caerSpecialEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i., xrefs: 6C98602D
                                                                          • Called caerSpecialEventSetTimestamp() with negative value!, xrefs: 6C98604A
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer$Full
                                                                          • String ID: APS Exposure End event received.$Called caerFrameEventSetTSEndOfExposure() with negative value!$Called caerSpecialEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.$Called caerSpecialEventSetTimestamp() with negative value!$Frame Event$Special Event
                                                                          • API String ID: 1435167524-4222832526
                                                                          • Opcode ID: a066b59065443f000428d63a756c2c5f0496efd9c4b42054f41edb18f4b17c86
                                                                          • Instruction ID: 03f3ea7a65243b87742a6dd1dc3c0ff48e4c014d982e52767679427aa9c1bda9
                                                                          • Opcode Fuzzy Hash: a066b59065443f000428d63a756c2c5f0496efd9c4b42054f41edb18f4b17c86
                                                                          • Instruction Fuzzy Hash: B2411371A96B009BD3208E29D890B97B7E5AF91349F044D2DE4AACBA40E730E454CF41
                                                                          APIs
                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,00000000,6C961CC7), ref: 6C963634
                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,6C961CC7), ref: 6C963675
                                                                          • SetEvent.KERNEL32(?,?,?,?,00000000,6C961CC7), ref: 6C9636C3
                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,6C961CC7), ref: 6C9636EC
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalSection$Leave$EnterEvent
                                                                          • String ID: SetEvent failed: %s$couldn't find HANDLE %p to remove$remove HANDLE %p$usbi_remove_event_source$usbi_signal_event
                                                                          • API String ID: 3394196147-4110883191
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4160697580.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000008.00000002.4160671373.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160860251.0000000000600000.00000008.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000647000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.000000000064C000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000654000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000676000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000678000.00000040.00000001.01000000.00000005.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_400000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: - $ - <$ [%d]$CAMP$ELI-VTL-A$IEPE$RME ADI-2 Pro$RME ADI-2/4 PRO SE$RTA$RTX6001$Virtual Instrumentation$XL2000
                                                                          • API String ID: 0-2300236208
                                                                          APIs
                                                                          • OpenEventA.KERNEL32(00100002,00000000,00000000,7661A3ED), ref: 6C9AD875
                                                                          • CloseHandle.KERNEL32(00000000), ref: 6C9AD88A
                                                                          • ResetEvent.KERNEL32(00000000,7661A3ED), ref: 6C9AD894
                                                                          • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 6C9AD8E1
                                                                          • CloseHandle.KERNEL32(00000000), ref: 6C9AD8F6
                                                                          • SetEvent.KERNEL32(00000000), ref: 6C9AD905
                                                                          • CloseHandle.KERNEL32(00000000,7661A3ED), ref: 6C9AD918
                                                                          • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,7661A3ED), ref: 6C9AD96F
                                                                          • CloseHandle.KERNEL32(00000000), ref: 6C9AD984
                                                                          • WaitForSingleObjectEx.KERNEL32(00000000,000000FF,00000000,7661A3ED), ref: 6C9AD996
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: Event$CloseHandle$Create$ObjectOpenResetSingleWait
                                                                          • String ID:
                                                                          • API String ID: 3951656645-0
                                                                          APIs
                                                                          • EnterCriticalSection.KERNEL32(6C9C9FCC), ref: 6C9688E9
                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,00000000), ref: 6C96894B
                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,?,00000000), ref: 6C968987
                                                                          • LeaveCriticalSection.KERNEL32(6C9C9FCC), ref: 6C968A59
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalSection$EnterLeave
                                                                          • String ID: auto-claimed interface %d for control request$auto_claim$could not auto-claim any interface$interface %d$libusb_claim_interface$program assertion failed - autoclaim_count was nonzero
                                                                          • API String ID: 3168844106-1517859743
                                                                          APIs
                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,6C962E70), ref: 6C963413
                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,6C962E70), ref: 6C963427
                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 6C96347D
                                                                          Strings
                                                                          • next timeout in %ld.%06lds, xrefs: 6C96352F
                                                                          • no URBs, no timeout!, xrefs: 6C96342D
                                                                          • usbi_get_context, xrefs: 6C9633ED
                                                                          • API misuse! Using non-default context as implicit default., xrefs: 6C9633E8
                                                                          • no URB with timeout or all handled by OS; no timeout!, xrefs: 6C963495
                                                                          • first timeout already expired, xrefs: 6C9634C4
                                                                          • libusb_get_next_timeout, xrefs: 6C963432, 6C9634C9, 6C963534
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalSection$Leave$Enter
                                                                          • String ID: API misuse! Using non-default context as implicit default.$first timeout already expired$libusb_get_next_timeout$next timeout in %ld.%06lds$no URB with timeout or all handled by OS; no timeout!$no URBs, no timeout!$usbi_get_context
                                                                          • API String ID: 2978645861-1763312603
                                                                          APIs
                                                                          • _free.LIBCMT ref: 6C9E2A9A
                                                                            • Part of subcall function 6C9E2CF5: HeapFree.KERNEL32(00000000,00000000,?,6C9E923A,?,00000000,?,00000000,?,6C9E9261,?,00000007,?,?,6C9E7A4B,?), ref: 6C9E2D0B
                                                                            • Part of subcall function 6C9E2CF5: GetLastError.KERNEL32(?,?,6C9E923A,?,00000000,?,00000000,?,6C9E9261,?,00000007,?,?,6C9E7A4B,?,?), ref: 6C9E2D1D
                                                                          • _free.LIBCMT ref: 6C9E2AA6
                                                                          • _free.LIBCMT ref: 6C9E2AB1
                                                                          • _free.LIBCMT ref: 6C9E2ABC
                                                                          • _free.LIBCMT ref: 6C9E2AC7
                                                                          • _free.LIBCMT ref: 6C9E2AD2
                                                                          • _free.LIBCMT ref: 6C9E2ADD
                                                                          • _free.LIBCMT ref: 6C9E2AE8
                                                                          • _free.LIBCMT ref: 6C9E2AF3
                                                                          • _free.LIBCMT ref: 6C9E2B01
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164606236.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164577047.000000006C9D0000.00000002.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164639828.000000006C9ED000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164670106.000000006C9F5000.00000008.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9F9000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9FC000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA00000.00000040.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA27000.00000040.00000001.01000000.00000009.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                          • String ID:
                                                                          • API String ID: 776569668-0
                                                                          APIs
                                                                          • caerLog.LIB_HELP(00000002,EventPacket Container,Failed to allocate %zu bytes of memory for Event Packet Container, containing %i packets. Error: %d.,00000024,00000002,00000000), ref: 6C97D38C
                                                                            • Part of subcall function 6C97DD30: caerLogVAFull.LIB_HELP(6C97E565,?,?,6C97E565,6C97E565,6C97E565,00000002,?,Failed to send chip config, USB transfer failed on verification.,?,?,?,?,?,?,6C97BF19), ref: 6C97DD57
                                                                          Strings
                                                                          • EventPacket Container, xrefs: 6C97D385
                                                                          • Failed to allocate event packet container., xrefs: 6C97D3A1
                                                                          • Failed to allocate %zu bytes of memory for Event Packet Container, containing %i packets. Error: %d., xrefs: 6C97D380
                                                                          • Failed to start data transfers., xrefs: 6C97D466
                                                                          • Failed to allocate spike event packet., xrefs: 6C97D403
                                                                          • Failed to initialize data exchange buffer., xrefs: 6C97D346
                                                                          • Failed to allocate special event packet., xrefs: 6C97D43D
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer$Full
                                                                          • String ID: EventPacket Container$Failed to allocate %zu bytes of memory for Event Packet Container, containing %i packets. Error: %d.$Failed to allocate event packet container.$Failed to allocate special event packet.$Failed to allocate spike event packet.$Failed to initialize data exchange buffer.$Failed to start data transfers.
                                                                          • API String ID: 1435167524-2954242151
                                                                          APIs
                                                                          • DeviceIoControl.KERNEL32(?,?,00000000,?,00000000,?,00000000,?), ref: 6C96EA0E
                                                                          • GetLastError.KERNEL32 ref: 6C96EA18
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: ControlDeviceErrorLast
                                                                          • String ID: _hid_get_report$failed to read HID Report: %s$invalid size (%u)$program assertion failed - hid_buffer is not NULL$report ID: 0x%02X$unknown HID report type %d
                                                                          • API String ID: 2645620995-4059381341
                                                                          APIs
                                                                          • caerLog.LIB_HELP(00000002,EventPacket Container,Failed to allocate %zu bytes of memory for Event Packet Container, containing %i packets. Error: %d.,00000024,00000002,00000000), ref: 6C981CFC
                                                                            • Part of subcall function 6C9827B0: caerLogVAFull.LIB_HELP(?,?,?,?,?,6C97FD3D,00000006,?,Parser reset, reason: %s.,?), ref: 6C9827C9
                                                                          Strings
                                                                          • EventPacket Container, xrefs: 6C981CF5
                                                                          • Failed to allocate event packet container., xrefs: 6C981D11
                                                                          • Failed to allocate %zu bytes of memory for Event Packet Container, containing %i packets. Error: %d., xrefs: 6C981CF0
                                                                          • Failed to start data transfers., xrefs: 6C981DE1
                                                                          • Failed to initialize data exchange buffer., xrefs: 6C981CB6
                                                                          • Failed to allocate polarity event packet., xrefs: 6C981D73
                                                                          • Failed to allocate special event packet., xrefs: 6C981DAD
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer$Full
                                                                          • String ID: EventPacket Container$Failed to allocate %zu bytes of memory for Event Packet Container, containing %i packets. Error: %d.$Failed to allocate event packet container.$Failed to allocate polarity event packet.$Failed to allocate special event packet.$Failed to initialize data exchange buffer.$Failed to start data transfers.
                                                                          • API String ID: 1435167524-3619772666
                                                                          APIs
                                                                          • caerLog.LIB_HELP(00000002,EventPacket Container,Failed to allocate %zu bytes of memory for Event Packet Container, containing %i packets. Error: %d.,00000024,00000002,00000000), ref: 6C98998C
                                                                            • Part of subcall function 6C98A290: caerLogVAFull.LIB_HELP(?,?,?,?,?,6C989453,00000007,?,Shutting down ...), ref: 6C98A2B7
                                                                          Strings
                                                                          • EventPacket Container, xrefs: 6C989985
                                                                          • Failed to allocate event packet container., xrefs: 6C9899A1
                                                                          • Failed to allocate %zu bytes of memory for Event Packet Container, containing %i packets. Error: %d., xrefs: 6C989980
                                                                          • Failed to start data transfers., xrefs: 6C989A66
                                                                          • Failed to initialize data exchange buffer., xrefs: 6C989946
                                                                          • Failed to allocate polarity event packet., xrefs: 6C989A03
                                                                          • Failed to allocate special event packet., xrefs: 6C989A3D
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer$Full
                                                                          • String ID: EventPacket Container$Failed to allocate %zu bytes of memory for Event Packet Container, containing %i packets. Error: %d.$Failed to allocate event packet container.$Failed to allocate polarity event packet.$Failed to allocate special event packet.$Failed to initialize data exchange buffer.$Failed to start data transfers.
                                                                          • API String ID: 1435167524-3619772666
                                                                          • Opcode ID: ce8c8bc377021c0190e4d52ad6c54b14003bc70c490cb7de75227f53653512c2
                                                                          • Instruction ID: 8112165493cd4c354840f8a68657350cab51468742609e0dd42fe33a5667f777
                                                                          • Opcode Fuzzy Hash: ce8c8bc377021c0190e4d52ad6c54b14003bc70c490cb7de75227f53653512c2
                                                                          • Instruction Fuzzy Hash: E8417BB16013107AD7206F759C46FC777E49BA172CF044E19F1A8A7AC2EB31D0098761
                                                                          APIs
                                                                          • CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000003,40000000,00000000), ref: 6C96C44B
                                                                          • CloseHandle.KERNEL32(00000000), ref: 6C96C4B4
                                                                          • CreateIoCompletionPort.KERNEL32(00000000,?,?,00000000), ref: 6C96C466
                                                                            • Part of subcall function 6C966300: GetLastError.KERNEL32(00000000,?,00000000,6C96628E,?,00000064,00000000,?,?), ref: 6C966309
                                                                            • Part of subcall function 6C966300: FormatMessageA.KERNEL32(00001200,00000000,00000000,00000400,6C9C9D50,00000100,00000000,00000000,?,?), ref: 6C96636E
                                                                            • Part of subcall function 6C966300: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000006,6C962194,?,00000084), ref: 6C966378
                                                                          • GetLastError.KERNEL32 ref: 6C96C4F3
                                                                          Strings
                                                                          • windows_open, xrefs: 6C96C4A0
                                                                          • could not open device %s (interface %d): %s, xrefs: 6C96C4DE
                                                                          • winusbx_open, xrefs: 6C96C4E3
                                                                          • failed to associate handle to I/O completion port: %s, xrefs: 6C96C49B
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLast$Create$CloseCompletionFileFormatHandleMessagePort
                                                                          • String ID: could not open device %s (interface %d): %s$failed to associate handle to I/O completion port: %s$windows_open$winusbx_open
                                                                          • API String ID: 1257460594-3728281283
                                                                          • Opcode ID: b36f5842bfa1210142c6db5ef3b08130d79edec89168364c1cfce5179fb36bdb
                                                                          • Instruction ID: e4a7ae51526a09fc152806baf2ea24db61534b15d940758c39672bf010450015
                                                                          • Opcode Fuzzy Hash: b36f5842bfa1210142c6db5ef3b08130d79edec89168364c1cfce5179fb36bdb
                                                                          • Instruction Fuzzy Hash: CB31C6B2309200AFEB04DF29DC44F9E77A5EB85368F21066AF215D7AD0C731D815CB51
                                                                          APIs
                                                                            • Part of subcall function 6C9887A0: caerLogVAFull.LIB_HELP(?,?,?,?,?,6C988D7B,00000002,?,Failed to grow event packet of type %d.,?,?,?,?,?,6C9831D3,?), ref: 6C9887C7
                                                                          • caerLog.LIB_HELP(00000002,Frame Event,Called caerFrameEventSetTSStartOfExposure() with negative value!), ref: 6C985EFF
                                                                            • Part of subcall function 6C971B50: caerLogVAFull.LIB_HELP(?,?,?,?,?), ref: 6C971B69
                                                                          • caerLog.LIB_HELP(00000002,Special Event,Called caerSpecialEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.,?,?), ref: 6C985F5E
                                                                          • caerLog.LIB_HELP(00000002,Special Event,Called caerSpecialEventSetTimestamp() with negative value!), ref: 6C985F7B
                                                                          Strings
                                                                          • Frame Event, xrefs: 6C985EF8
                                                                          • Called caerFrameEventSetTSStartOfExposure() with negative value!, xrefs: 6C985EF3
                                                                          • Special Event, xrefs: 6C985F57, 6C985F74
                                                                          • Called caerSpecialEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i., xrefs: 6C985F52
                                                                          • Called caerSpecialEventSetTimestamp() with negative value!, xrefs: 6C985F6F
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer$Full
                                                                          • String ID: Called caerFrameEventSetTSStartOfExposure() with negative value!$Called caerSpecialEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.$Called caerSpecialEventSetTimestamp() with negative value!$Frame Event$Special Event
                                                                          • API String ID: 1435167524-762996227
                                                                          • Opcode ID: ab1a22a05009fc1a151270686ffcc9cde9698c105dce8c7e30a9b8b06df90702
                                                                          • Instruction ID: aad05eca0062f84a75258aa322701ff96c367848fb4a2ca8d8963b43d90ad2d7
                                                                          • Opcode Fuzzy Hash: ab1a22a05009fc1a151270686ffcc9cde9698c105dce8c7e30a9b8b06df90702
                                                                          • Instruction Fuzzy Hash: E2414771696B009BD710CF29D890B97BBE1AFA1345F084D2DE49ACBA41E730E414CF01
                                                                          APIs
                                                                          • caerLog.LIB_HELP(00000002,Frame Event,Called caerFrameEventSetTSStartOfFrame() with negative value!), ref: 6C9831B1
                                                                          • caerLog.LIB_HELP(00000002,Special Event,Called caerSpecialEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.,?,?), ref: 6C983209
                                                                            • Part of subcall function 6C971B50: caerLogVAFull.LIB_HELP(?,?,?,?,?), ref: 6C971B69
                                                                          • caerLog.LIB_HELP(00000002,Special Event,Called caerSpecialEventSetTimestamp() with negative value!), ref: 6C983226
                                                                          Strings
                                                                          • Frame Event, xrefs: 6C9831AA
                                                                          • Called caerFrameEventSetTSStartOfFrame() with negative value!, xrefs: 6C9831A5
                                                                          • Special Event, xrefs: 6C983202, 6C98321F
                                                                          • Called caerSpecialEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i., xrefs: 6C9831FD
                                                                          • Called caerSpecialEventSetTimestamp() with negative value!, xrefs: 6C98321A
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer$Full
                                                                          • String ID: Called caerFrameEventSetTSStartOfFrame() with negative value!$Called caerSpecialEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.$Called caerSpecialEventSetTimestamp() with negative value!$Frame Event$Special Event
                                                                          • API String ID: 1435167524-3986334360
                                                                          • Opcode ID: f22d64c1c447c0f5f2d1ff7e191817605a1f185608d2d04a302fd7bad6c73715
                                                                          • Instruction ID: 147be2c3bd52c7b919f3e1da36d3cbf0b76729800f17a49ebdffc30a1d3fd80f
                                                                          • Opcode Fuzzy Hash: f22d64c1c447c0f5f2d1ff7e191817605a1f185608d2d04a302fd7bad6c73715
                                                                          • Instruction Fuzzy Hash: 0921DDB1906B00ABE710CB34DC95F93B7B4FF61708F04895DE86AABA11F730E1148B61
                                                                          APIs
                                                                          • GetModuleHandleW.KERNEL32(kernel32.dll,GetLogicalProcessorInformation), ref: 6CE98B51
                                                                          • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 6CE98B57
                                                                          • GetLogicalProcessorInformation.KERNEL32(00000000,?,00000000,kernel32.dll,GetLogicalProcessorInformation), ref: 6CE98B6A
                                                                          • GetLastError.KERNEL32(00000000,?,00000000,kernel32.dll,GetLogicalProcessorInformation), ref: 6CE98B77
                                                                          • GetLogicalProcessorInformation.KERNEL32(?,?,00000000,6CE98BF0,?,00000000,?,00000000,kernel32.dll,GetLogicalProcessorInformation), ref: 6CE98BA2
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164882381.000000006CE94000.00000080.00000001.01000000.0000000C.sdmp, Offset: 6CE90000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164829790.000000006CE90000.00000002.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4164858981.000000006CE91000.00000040.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4164984313.000000006CF76000.00000020.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165012582.000000006CF77000.00000004.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165042277.000000006CF78000.00000008.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165076360.000000006CF79000.00000004.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165107134.000000006CF7B000.00000008.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165135771.000000006CF7C000.00000004.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165170116.000000006CF81000.00000004.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165202597.000000006CF85000.00000002.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165202597.000000006CF87000.00000002.00000001.01000000.0000000C.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6ce90000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: InformationLogicalProcessor$AddressErrorHandleLastModuleProc
                                                                          • String ID: @$GetLogicalProcessorInformation$kernel32.dll
                                                                          • API String ID: 1184211438-79381301
                                                                          • Opcode ID: eda50d3ab3b50b82ee2b596f990144de8e24dcd3fa5b2865471992742a9390b7
                                                                          • Instruction ID: f304d6e4e29e6aaa5fa2ce16c9e81b257bd34662b84fa6f0f56bc52fa6c148a0
                                                                          • Opcode Fuzzy Hash: eda50d3ab3b50b82ee2b596f990144de8e24dcd3fa5b2865471992742a9390b7
                                                                          • Instruction Fuzzy Hash: D811B4B5C05248AEDB10DBA5C850A9DB7B8EB4530CF38859BD404D7B60E7388A84CB15
                                                                          APIs
                                                                          • caerLog.LIB_HELP(00000002,EventPacket Header,Called caerEventPacketHeaderSetEventNumber() with negative value!), ref: 6C975FD5
                                                                            • Part of subcall function 6C971B50: caerLogVAFull.LIB_HELP(?,?,?,?,?), ref: 6C971B69
                                                                          • caerLog.LIB_HELP(00000002,EventPacket Header,Called caerEventPacketHeaderSetEventValid() with negative value!), ref: 6C975FF6
                                                                          • caerLog.LIB_HELP(00000002,IMU6 Event,Called caerIMU6EventValidate() on already valid event.), ref: 6C976011
                                                                          Strings
                                                                          • Called caerEventPacketHeaderSetEventValid() with negative value!, xrefs: 6C975FEA
                                                                          • Called caerEventPacketHeaderSetEventNumber() with negative value!, xrefs: 6C975FC9
                                                                          • IMU6 Event, xrefs: 6C97600A
                                                                          • Called caerIMU6EventValidate() on already valid event., xrefs: 6C976005
                                                                          • EventPacket Header, xrefs: 6C975FCE, 6C975FEF
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer$Full
                                                                          • String ID: Called caerEventPacketHeaderSetEventNumber() with negative value!$Called caerEventPacketHeaderSetEventValid() with negative value!$Called caerIMU6EventValidate() on already valid event.$EventPacket Header$IMU6 Event
                                                                          • API String ID: 1435167524-1828931594
                                                                          • Opcode ID: 4270a383111da994bc5fec51f501acacc966cb76be15ac793664612285dc3333
                                                                          • Instruction ID: af744a59af14bd87958994f14729eb95ee57888eb7edddcd58b36c2fab35242d
                                                                          • Opcode Fuzzy Hash: 4270a383111da994bc5fec51f501acacc966cb76be15ac793664612285dc3333
                                                                          • Instruction Fuzzy Hash: 5CF0E9B1909350BBC3708B08BF56B4673E4BFA6708F050908F448B7E51F331E8148262
                                                                          APIs
                                                                          • caerLog.LIB_HELP(00000002,EventPacket Header,Called caerEventPacketHeaderSetEventNumber() with negative value!), ref: 6C972525
                                                                            • Part of subcall function 6C971B50: caerLogVAFull.LIB_HELP(?,?,?,?,?), ref: 6C971B69
                                                                          • caerLog.LIB_HELP(00000002,EventPacket Header,Called caerEventPacketHeaderSetEventValid() with negative value!), ref: 6C972546
                                                                          • caerLog.LIB_HELP(00000002,Polarity Event,Called caerPolarityEventValidate() on already valid event.), ref: 6C972561
                                                                          Strings
                                                                          • Called caerPolarityEventValidate() on already valid event., xrefs: 6C972555
                                                                          • Called caerEventPacketHeaderSetEventValid() with negative value!, xrefs: 6C97253A
                                                                          • Polarity Event, xrefs: 6C97255A
                                                                          • Called caerEventPacketHeaderSetEventNumber() with negative value!, xrefs: 6C972519
                                                                          • EventPacket Header, xrefs: 6C97251E, 6C97253F
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer$Full
                                                                          • String ID: Called caerEventPacketHeaderSetEventNumber() with negative value!$Called caerEventPacketHeaderSetEventValid() with negative value!$Called caerPolarityEventValidate() on already valid event.$EventPacket Header$Polarity Event
                                                                          • API String ID: 1435167524-1504334551
                                                                          • Opcode ID: af02745c3d78710f73f5daf5994b5418947075712a29a6f79feb98415f345f56
                                                                          • Instruction ID: f3e607f87017d7349ceff9bf3219595de04dc639de56b3e94cbc621b8d9645e4
                                                                          • Opcode Fuzzy Hash: af02745c3d78710f73f5daf5994b5418947075712a29a6f79feb98415f345f56
                                                                          • Instruction Fuzzy Hash: 8CF0E971549710BBC3708B08BEAAB4677E4AFB6709F050948F44C77E56F330E5044662
                                                                          APIs
                                                                          • caerLog.LIB_HELP(00000002,EventPacket Header,Called caerEventPacketHeaderSetEventNumber() with negative value!), ref: 6C972635
                                                                            • Part of subcall function 6C971B50: caerLogVAFull.LIB_HELP(?,?,?,?,?), ref: 6C971B69
                                                                          • caerLog.LIB_HELP(00000002,EventPacket Header,Called caerEventPacketHeaderSetEventValid() with negative value!), ref: 6C972656
                                                                          • caerLog.LIB_HELP(00000002,Special Event,Called caerSpecialEventValidate() on already valid event.), ref: 6C972671
                                                                          Strings
                                                                          • Called caerEventPacketHeaderSetEventValid() with negative value!, xrefs: 6C97264A
                                                                          • Called caerSpecialEventValidate() on already valid event., xrefs: 6C972665
                                                                          • Called caerEventPacketHeaderSetEventNumber() with negative value!, xrefs: 6C972629
                                                                          • Special Event, xrefs: 6C97266A
                                                                          • EventPacket Header, xrefs: 6C97262E, 6C97264F
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer$Full
                                                                          • String ID: Called caerEventPacketHeaderSetEventNumber() with negative value!$Called caerEventPacketHeaderSetEventValid() with negative value!$Called caerSpecialEventValidate() on already valid event.$EventPacket Header$Special Event
                                                                          • API String ID: 1435167524-3597121969
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLast
                                                                          • String ID: ReadPipe/WritePipe failed: %s$cannot change ZERO_PACKET for endpoint %02X on Windows$failed to set SHORT_PACKET_TERMINATE for endpoint %02X$matched endpoint %02X with interface %d$reading %d bytes$unable to match endpoint to an open interface - cancelling transfer$winusbx_submit_bulk_transfer$writing %d bytes
                                                                          • API String ID: 1452528299-937320073
                                                                          APIs
                                                                          • caerBiasCoarseFine1024FromCurrent.LIB_HELP(000186A0), ref: 6C9754E6
                                                                          • caerBiasCoarseFine1024FromCurrent.LIB_HELP(00000001,?,00000005,00000000,00000000,000186A0), ref: 6C975511
                                                                            • Part of subcall function 6C971EA0: __floor_pentium4.LIBCMT ref: 6C971F58
                                                                          • caerBiasCoarseFine1024FromCurrent.LIB_HELP(00002710,?,00000005,00000002,00000000,?,00000005,00000001,00000000,00000001,?,00000005,00000000,00000000,000186A0), ref: 6C975547
                                                                          • caerBiasCoarseFine1024FromCurrent.LIB_HELP(000000C8), ref: 6C975574
                                                                          • caerBiasCoarseFine1024FromCurrent.LIB_HELP(00002710,?,00000005,00000004,00000000,000000C8), ref: 6C97559E
                                                                          • caerBiasCoarseFine1024FromCurrent.LIB_HELP(00061A80,?,00000005,00000005,00000000,00002710,?,00000005,00000004,00000000,000000C8), ref: 6C9755C8
                                                                          • caerBiasCoarseFine1024FromCurrent.LIB_HELP(00061A80,?,00000005,00000006,00000000,00061A80,?,00000005,00000005,00000000,00002710,?,00000005,00000004,00000000,000000C8), ref: 6C9755F2
                                                                          • caerBiasCoarseFine1024FromCurrent.LIB_HELP(000186A0,?,00000005,00000007,00000000), ref: 6C97561F
                                                                          • caerBiasCoarseFine1024FromCurrent.LIB_HELP(00002710,?,00000005,00000008,00000000,000186A0,?,00000005,00000007,00000000), ref: 6C975649
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: BiasCoarseCurrentFine1024Fromcaer$__floor_pentium4
                                                                          • String ID:
                                                                          • API String ID: 2332556583-0
                                                                          APIs
                                                                          • EnterCriticalSection.KERNEL32(?,00000084,-00000058,76ECE820,-0000001C,6C9622D0,-00000058), ref: 6C967243
                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 6C96725E
                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C96727C
                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 6C9672A2
                                                                          Strings
                                                                          • windows_submit_transfer, xrefs: 6C96722B, 6C9672D2, 6C9672EE, 6C96730E
                                                                          • unknown endpoint type %d, xrefs: 6C967309
                                                                          • bulk stream transfers are not yet supported on this platform, xrefs: 6C9672E9
                                                                          • program assertion failed - transfer HANDLE is not NULL, xrefs: 6C967226
                                                                          • program assertion failed - transfer HANDLE is NULL after transfer was submitted, xrefs: 6C9672CD
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalSection$EnterLeave
                                                                          • String ID: bulk stream transfers are not yet supported on this platform$program assertion failed - transfer HANDLE is NULL after transfer was submitted$program assertion failed - transfer HANDLE is not NULL$unknown endpoint type %d$windows_submit_transfer
                                                                          • API String ID: 3168844106-1010336636
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4160697580.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000008.00000002.4160671373.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160860251.0000000000600000.00000008.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000647000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.000000000064C000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000654000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000676000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000678000.00000040.00000001.01000000.00000005.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_400000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: %G$ %G,$%d, %04d-%02d-%02d %02d:%02d:%02d:%03d,$, $, Time$, Time($.bmp$.txt$No.$Tb
                                                                          • API String ID: 0-2302150001
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4160697580.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000008.00000002.4160671373.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160860251.0000000000600000.00000008.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000647000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.000000000064C000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000654000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000676000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000678000.00000040.00000001.01000000.00000005.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_400000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: ASIO MADIface$CAMP$IEPE$RME ADI-2 Pro$RME ADI-2/4 PRO SE$RTA$RTX ASIO$RTX6001$b]A$b]A
                                                                          • API String ID: 0-598953488
                                                                          APIs
                                                                          • caerLog.LIB_HELP(00000002,Generic Event,Called caerGenericEventGetEvent() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!,00000000,?), ref: 6C97221D
                                                                          • caerLog.LIB_HELP(00000002,Generic Event,Called caerGenericEventGetEvent() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!,?,?), ref: 6C972275
                                                                            • Part of subcall function 6C971B50: caerLogVAFull.LIB_HELP(?,?,?,?,?), ref: 6C971B69
                                                                          • caerLog.LIB_HELP(00000002,EventPacket Container,Called caerEventPacketContainerGetEventPacketConst() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!,00000000,?), ref: 6C972321
                                                                          Strings
                                                                          • EventPacket Container, xrefs: 6C97231A
                                                                          • Called caerEventPacketContainerGetEventPacketConst() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!, xrefs: 6C972315
                                                                          • Generic Event, xrefs: 6C972216, 6C97226E
                                                                          • Called caerGenericEventGetEvent() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!, xrefs: 6C972211, 6C972269
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer$Full
                                                                          • String ID: Called caerEventPacketContainerGetEventPacketConst() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!$Called caerGenericEventGetEvent() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!$EventPacket Container$Generic Event
                                                                          • API String ID: 1435167524-4288985156
                                                                          APIs
                                                                            • Part of subcall function 6C974F20: caerLogVAFull.LIB_HELP(?,?,?,?,?,6C972947,00000007,?,Shutting down ...), ref: 6C974F39
                                                                          • caerLog.LIB_HELP(00000002,Special Event,Called caerSpecialEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.,?,?), ref: 6C97975A
                                                                          • caerLog.LIB_HELP(00000002,Special Event,Called caerSpecialEventSetTimestamp() with negative value!), ref: 6C97977A
                                                                          Strings
                                                                          • External generator (rising edge) event received., xrefs: 6C9796FB
                                                                          • Special Event, xrefs: 6C979753, 6C979773
                                                                          • Called caerSpecialEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i., xrefs: 6C97974E
                                                                          • Failed to allocate polarity event packet., xrefs: 6C9790EC
                                                                          • Called caerSpecialEventSetTimestamp() with negative value!, xrefs: 6C97976E
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer$Full
                                                                          • String ID: Called caerSpecialEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.$Called caerSpecialEventSetTimestamp() with negative value!$External generator (rising edge) event received.$Failed to allocate polarity event packet.$Special Event
                                                                          • API String ID: 1435167524-2656400870
                                                                          APIs
                                                                            • Part of subcall function 6C974F20: caerLogVAFull.LIB_HELP(?,?,?,?,?,6C972947,00000007,?,Shutting down ...), ref: 6C974F39
                                                                          • caerLog.LIB_HELP(00000002,Special Event,Called caerSpecialEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.,?,?), ref: 6C9796AE
                                                                          • caerLog.LIB_HELP(00000002,Special Event,Called caerSpecialEventSetTimestamp() with negative value!), ref: 6C9796CE
                                                                          Strings
                                                                          • Special Event, xrefs: 6C9796A7, 6C9796C7
                                                                          • Called caerSpecialEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i., xrefs: 6C9796A2
                                                                          • Failed to allocate polarity event packet., xrefs: 6C9790EC
                                                                          • Called caerSpecialEventSetTimestamp() with negative value!, xrefs: 6C9796C2
                                                                          • External generator (falling edge) event received., xrefs: 6C97964F
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer$Full
                                                                          • String ID: Called caerSpecialEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.$Called caerSpecialEventSetTimestamp() with negative value!$External generator (falling edge) event received.$Failed to allocate polarity event packet.$Special Event
                                                                          • API String ID: 1435167524-2003907605
                                                                          APIs
                                                                            • Part of subcall function 6C974F20: caerLogVAFull.LIB_HELP(?,?,?,?,?,6C972947,00000007,?,Shutting down ...), ref: 6C974F39
                                                                          • caerLog.LIB_HELP(00000002,Special Event,Called caerSpecialEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.,?,?), ref: 6C974232
                                                                          • caerLog.LIB_HELP(00000002,Special Event,Called caerSpecialEventSetTimestamp() with negative value!), ref: 6C974252
                                                                          Strings
                                                                          • External generator (rising edge) event received., xrefs: 6C9741D3
                                                                          • Special Event, xrefs: 6C97422B, 6C97424B
                                                                          • Called caerSpecialEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i., xrefs: 6C974226
                                                                          • Failed to allocate polarity event packet., xrefs: 6C973BD6
                                                                          • Called caerSpecialEventSetTimestamp() with negative value!, xrefs: 6C974246
                                                                          Similarity
                                                                          • API ID: caer$Full
                                                                          • String ID: Called caerSpecialEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.$Called caerSpecialEventSetTimestamp() with negative value!$External generator (rising edge) event received.$Failed to allocate polarity event packet.$Special Event
                                                                          APIs
                                                                            • Part of subcall function 6C974F20: caerLogVAFull.LIB_HELP(?,?,?,?,?,6C972947,00000007,?,Shutting down ...), ref: 6C974F39
                                                                          • caerLog.LIB_HELP(00000002,Special Event,Called caerSpecialEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.,?,?), ref: 6C97418A
                                                                          • caerLog.LIB_HELP(00000002,Special Event,Called caerSpecialEventSetTimestamp() with negative value!), ref: 6C9741AA
                                                                          Strings
                                                                          • Special Event, xrefs: 6C974183, 6C9741A3
                                                                          • Called caerSpecialEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i., xrefs: 6C97417E
                                                                          • Failed to allocate polarity event packet., xrefs: 6C973BD6
                                                                          • Called caerSpecialEventSetTimestamp() with negative value!, xrefs: 6C97419E
                                                                          • External generator (falling edge) event received., xrefs: 6C97412B
                                                                          Similarity
                                                                          • API ID: caer$Full
                                                                          • String ID: Called caerSpecialEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.$Called caerSpecialEventSetTimestamp() with negative value!$External generator (falling edge) event received.$Failed to allocate polarity event packet.$Special Event
                                                                          APIs
                                                                            • Part of subcall function 6C974F20: caerLogVAFull.LIB_HELP(?,?,?,?,?,6C972947,00000007,?,Shutting down ...), ref: 6C974F39
                                                                          • CreateWaitableTimerA.KERNEL32(00000000,00000001,00000000), ref: 6C97645C
                                                                          • SetWaitableTimer.KERNEL32(00000000,FFFFD8F0,00000000,00000000,00000000,00000000), ref: 6C976472
                                                                          • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 6C97647B
                                                                          • CloseHandle.KERNEL32(00000000), ref: 6C976482
                                                                          Strings
                                                                          • Shutting down ..., xrefs: 6C97638A
                                                                          • Shutdown successful., xrefs: 6C9764CB
                                                                          • Unable to cancel libusb transfer %zu (debug channel). Error: %s (%d)., xrefs: 6C976427
                                                                          Similarity
                                                                          • API ID: TimerWaitable$CloseCreateFullHandleObjectSingleWaitcaer
                                                                          • String ID: Shutdown successful.$Shutting down ...$Unable to cancel libusb transfer %zu (debug channel). Error: %s (%d).
                                                                          APIs
                                                                            • Part of subcall function 6C9887A0: caerLogVAFull.LIB_HELP(?,?,?,?,?,6C988D7B,00000002,?,Failed to grow event packet of type %d.,?,?,?,?,?,6C9831D3,?), ref: 6C9887C7
                                                                          • CreateWaitableTimerA.KERNEL32(00000000,00000001,00000000), ref: 6C983D6C
                                                                          • SetWaitableTimer.KERNEL32(00000000,FFFFD8F0,00000000,00000000,00000000,00000000), ref: 6C983D82
                                                                          • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 6C983D8B
                                                                          • CloseHandle.KERNEL32(00000000), ref: 6C983D92
                                                                            • Part of subcall function 6C962360: EnterCriticalSection.KERNEL32(?,000F4297,00000000,?,76ECE820), ref: 6C962393
                                                                            • Part of subcall function 6C962360: LeaveCriticalSection.KERNEL32(?), ref: 6C9623D6
                                                                          Strings
                                                                          • Shutting down ..., xrefs: 6C983CB9
                                                                          • Shutdown successful., xrefs: 6C983DDF
                                                                          • Unable to cancel libusb transfer %zu (debug channel). Error: %s (%d)., xrefs: 6C983D37
                                                                          Similarity
                                                                          • API ID: CriticalSectionTimerWaitable$CloseCreateEnterFullHandleLeaveObjectSingleWaitcaer
                                                                          • String ID: Shutdown successful.$Shutting down ...$Unable to cancel libusb transfer %zu (debug channel). Error: %s (%d).
                                                                          APIs
                                                                            • Part of subcall function 6C974F20: caerLogVAFull.LIB_HELP(?,?,?,?,?,6C972947,00000007,?,Shutting down ...), ref: 6C974F39
                                                                          • CreateWaitableTimerA.KERNEL32(00000000,00000001,00000000), ref: 6C9729DC
                                                                          • SetWaitableTimer.KERNEL32(00000000,FFFFD8F0,00000000,00000000,00000000,00000000), ref: 6C9729F2
                                                                          • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 6C9729FB
                                                                          • CloseHandle.KERNEL32(00000000), ref: 6C972A02
                                                                            • Part of subcall function 6C962360: EnterCriticalSection.KERNEL32(?,000F4297,00000000,?,76ECE820), ref: 6C962393
                                                                            • Part of subcall function 6C962360: LeaveCriticalSection.KERNEL32(?), ref: 6C9623D6
                                                                          Strings
                                                                          • Shutting down ..., xrefs: 6C97293A
                                                                          • Shutdown successful., xrefs: 6C972A4B
                                                                          • Unable to cancel libusb transfer %zu (debug channel). Error: %s (%d)., xrefs: 6C9729A7
                                                                          Similarity
                                                                          • API ID: CriticalSectionTimerWaitable$CloseCreateEnterFullHandleLeaveObjectSingleWaitcaer
                                                                          • String ID: Shutdown successful.$Shutting down ...$Unable to cancel libusb transfer %zu (debug channel). Error: %s (%d).
                                                                          APIs
                                                                          • SetWaitableTimer.KERNEL32(00000010,FFFFFFFF,00000000,00000000,00000000,00000000), ref: 6C961F84
                                                                          • CancelWaitableTimer.KERNEL32(00000010), ref: 6C961FE2
                                                                          Strings
                                                                          Similarity
                                                                          • API ID: TimerWaitable$Cancel
                                                                          • String ID: SetWaitableTimer failed: %s$arm_timer_for_next_timeout$next timeout originally %ums$no timeouts, disarming timer$usbi_disarm_timer
                                                                          Strings
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: libusb_open$open %d.%d$open %d.%d returns %d
                                                                          APIs
                                                                            • Part of subcall function 6C974F20: caerLogVAFull.LIB_HELP(?,?,?,?,?,6C972947,00000007,?,Shutting down ...), ref: 6C974F39
                                                                          • caerLog.LIB_HELP(00000002,Special Event,Called caerSpecialEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.,?,?), ref: 6C979834
                                                                          • caerLog.LIB_HELP(00000002,Special Event,Called caerSpecialEventSetTimestamp() with negative value!), ref: 6C979854
                                                                          Strings
                                                                          • Start of Frame column marker detected., xrefs: 6C9797D5
                                                                          • Special Event, xrefs: 6C97982D, 6C97984D
                                                                          • Called caerSpecialEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i., xrefs: 6C979828
                                                                          • Called caerSpecialEventSetTimestamp() with negative value!, xrefs: 6C979848
                                                                          • DVS: X address out of range (0-%d): %hu, due to USB communication issue., xrefs: 6C979896
                                                                          Similarity
                                                                          • API ID: caer$Full
                                                                          • String ID: Called caerSpecialEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.$Called caerSpecialEventSetTimestamp() with negative value!$DVS: X address out of range (0-%d): %hu, due to USB communication issue.$Special Event$Start of Frame column marker detected.
                                                                          APIs
                                                                          • EnterCriticalSection.KERNEL32(000000DA,6C964EB2,00000002), ref: 6C96777E
                                                                          • SetEvent.KERNEL32(?), ref: 6C9677B3
                                                                          • LeaveCriticalSection.KERNEL32(000000DA), ref: 6C9677DB
                                                                          Strings
                                                                          • usbi_hotplug_notification, xrefs: 6C967759
                                                                          • error allocating hotplug message, xrefs: 6C967754
                                                                          • SetEvent failed: %s, xrefs: 6C9677C5
                                                                          • usbi_signal_event, xrefs: 6C9677CA
                                                                          Similarity
                                                                          • API ID: CriticalSection$EnterEventLeave
                                                                          • String ID: SetEvent failed: %s$error allocating hotplug message$usbi_hotplug_notification$usbi_signal_event
                                                                          • API String ID: 3094578987-552832912
                                                                          • Opcode ID: 4fbe08076b8749cae1a8a303e34cdb19da44cee1e6ad042db461a795cd295d36
                                                                          • Instruction ID: 766e4ae27291e3f3e9a41aa203d63d128579ae511770bb38605491a4e18ca334
                                                                          • Opcode Fuzzy Hash: 4fbe08076b8749cae1a8a303e34cdb19da44cee1e6ad042db461a795cd295d36
                                                                          • Instruction Fuzzy Hash: 57110DB5700206BBD7009F2ADC80B9ABBA8FB9571AF004165E508EBB81E771E815C7A0
                                                                          APIs
                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C9635A5
                                                                          • SetEvent.KERNEL32(?), ref: 6C9635DA
                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 6C963603
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalSection$EnterEventLeave
                                                                          • String ID: SetEvent failed: %s$add HANDLE %p events %d$usbi_add_event_source$usbi_signal_event
                                                                          • API String ID: 3094578987-1931901662
                                                                          • Opcode ID: 64354bd1ff58c731f7adf4dcf51372932a7132d7665e24bfe53479f8223f9114
                                                                          • Instruction ID: e41c66a2dfb96ffa19e19fefe76853b6ee085c1797a5585070550a0799578424
                                                                          • Opcode Fuzzy Hash: 64354bd1ff58c731f7adf4dcf51372932a7132d7665e24bfe53479f8223f9114
                                                                          • Instruction Fuzzy Hash: 8F119AB9244602ABD3109F369C41F97BBA8FF84328F108929E50AD7B82E730E404C790
                                                                          APIs
                                                                            • Part of subcall function 6CEB8CFC: VirtualQuery.KERNEL32(?,?,0000001C,00000000,6CEB8EAA), ref: 6CEB8D2F
                                                                            • Part of subcall function 6CEB8CFC: GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 6CEB8D53
                                                                            • Part of subcall function 6CEB8CFC: GetModuleFileNameW.KERNEL32(MZP,?,00000105), ref: 6CEB8D6E
                                                                            • Part of subcall function 6CEB8CFC: LoadStringW.USER32(00000000,0000FFED,?,00000100), ref: 6CEB8E09
                                                                          • WideCharToMultiByte.KERNEL32(00000001,00000000,?,00000000,00000000,00000000,00000000,00000000,00000400,00000000,6CEB901B), ref: 6CEB8F55
                                                                          • WideCharToMultiByte.KERNEL32(00000001,00000000,?,00000000,?,00000000,00000000,00000000), ref: 6CEB8F88
                                                                          • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000,?,00000000,00000000,00000000), ref: 6CEB8F9A
                                                                          • WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000,?,00000000,00000000,00000000), ref: 6CEB8FA0
                                                                          • GetStdHandle.KERNEL32(000000F4,6CEB9034,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000,?), ref: 6CEB8FB4
                                                                          • WriteFile.KERNEL32(00000000,000000F4,6CEB9034,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000), ref: 6CEB8FBA
                                                                          • LoadStringW.USER32(00000000,0000FFEE,?,00000040), ref: 6CEB8FDE
                                                                          • MessageBoxW.USER32(00000000,?,?,00002010), ref: 6CEB8FF8
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164882381.000000006CE94000.00000080.00000001.01000000.0000000C.sdmp, Offset: 6CE90000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164829790.000000006CE90000.00000002.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4164858981.000000006CE91000.00000040.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4164984313.000000006CF76000.00000020.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165012582.000000006CF77000.00000004.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165042277.000000006CF78000.00000008.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165076360.000000006CF79000.00000004.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165107134.000000006CF7B000.00000008.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165135771.000000006CF7C000.00000004.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165170116.000000006CF81000.00000004.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165202597.000000006CF85000.00000002.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165202597.000000006CF87000.00000002.00000001.01000000.0000000C.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6ce90000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: File$ByteCharHandleLoadModuleMultiNameStringWideWrite$MessageQueryVirtual
                                                                          • String ID:
                                                                          • API String ID: 135118572-0
                                                                          • Opcode ID: 191ac40da17d77f08482ba66e39603614ab0fdf943c052e7396a3e52d09cd6fe
                                                                          • Instruction ID: 4c98cccb6ef18b0318928b815daaa96161374e0235562bccbcead4f384b97b32
                                                                          • Opcode Fuzzy Hash: 191ac40da17d77f08482ba66e39603614ab0fdf943c052e7396a3e52d09cd6fe
                                                                          • Instruction Fuzzy Hash: D43181B1644214BEEB54DB94CD82FEA73BCEB05704F604059BA04EB6C0DA70AE488B65
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4160697580.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000008.00000002.4160671373.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160860251.0000000000600000.00000008.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000647000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.000000000064C000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000654000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000676000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000678000.00000040.00000001.01000000.00000005.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_400000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: DAO_GetDeviceInfo$DAO_GetDeviceList$Fail to load Device Dll$MyDAO.dll$NI $NIDAO.dll$SoundCardASIODAQO.dll$SoundCardMMEDAO.dll$VTDAO1.dll
                                                                          • API String ID: 0-1141972481
                                                                          • Opcode ID: e9a00bfbd84050e6a3d4ce8f15734161de81fcc45cc79a86b49be72f4d464be8
                                                                          • Instruction ID: fad9ff1ab4e9ae3fcc21533c7ca6da87a3a7cf44f171eb168db17ec1e2f74dd4
                                                                          • Opcode Fuzzy Hash: e9a00bfbd84050e6a3d4ce8f15734161de81fcc45cc79a86b49be72f4d464be8
                                                                          • Instruction Fuzzy Hash: E4020A71A40349ABDB14DBA0CD86FEEB7B9BF84700F104119F586B72C1DBB4AA45CB25
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4160697580.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000008.00000002.4160671373.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160860251.0000000000600000.00000008.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000647000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.000000000064C000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000654000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000676000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000678000.00000040.00000001.01000000.00000005.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_400000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: ADI-2 Pro$ADI-2/4 P$CAMP$Digital Audio Interface$IEPE$RME ADI-2 Pro$RME ADI-2/4 PRO SE$RTA$RTX6001
                                                                          • API String ID: 0-4033706864
                                                                          • Opcode ID: 1abf6ffd691453b353b0171cc69dfab39985d40b63e522169dea12baddbb146a
                                                                          • Instruction ID: 53fb4e1f0e747cc1460e4c8537ed2ca51155eb46eba9e502d15c6e0f911904f8
                                                                          • Opcode Fuzzy Hash: 1abf6ffd691453b353b0171cc69dfab39985d40b63e522169dea12baddbb146a
                                                                          • Instruction Fuzzy Hash: 3C51F3316847D34AD3C8DF21EC86BAA7B99BBD0B59F10093CB891D22D4DF54C8488B13
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4160697580.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000008.00000002.4160671373.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160860251.0000000000600000.00000008.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000647000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.000000000064C000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000654000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000676000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000678000.00000040.00000001.01000000.00000005.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_400000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: /Hz$;No., Frequency (Hz), $dBA$dBB$dBC$dBFS$dBI$dBr$dBu
                                                                          • API String ID: 0-101205050
                                                                          • Opcode ID: e7a3980d5d0d689cf5f99e8e146e52c8db2709aa5883976373b584779c2d7fec
                                                                          • Instruction ID: 335420351bcfd52a9cc9ccbbd2e765297c9a5b6c673f07b0327c6a82a25a3b26
                                                                          • Opcode Fuzzy Hash: e7a3980d5d0d689cf5f99e8e146e52c8db2709aa5883976373b584779c2d7fec
                                                                          • Instruction Fuzzy Hash: B5514430248783ABD318DF25C855BEABB99BB95700F00982DF4D652192DBB4E945CB52
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: _strrchr
                                                                          • String ID:
                                                                          • API String ID: 3213747228-0
                                                                          • Opcode ID: bfa352f185ff0a6843105d713fe7eb77d533f46736e872c96a113c59396da22f
                                                                          • Instruction ID: 2c3573a560656c62fc8654b9d5008067cbfd5f8ea45f8a4087c5cc9cb47b51a9
                                                                          • Opcode Fuzzy Hash: bfa352f185ff0a6843105d713fe7eb77d533f46736e872c96a113c59396da22f
                                                                          • Instruction Fuzzy Hash: 83B13872A053569FEB018E68CC81BEABBA9EF6571CF1C4195F904ABB81D370D905C7A0
                                                                          APIs
                                                                          • type_info::operator==.LIBVCRUNTIME ref: 6C990CC9
                                                                          • ___TypeMatch.LIBVCRUNTIME ref: 6C990DD7
                                                                          • CallUnexpected.LIBVCRUNTIME ref: 6C990F44
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: CallMatchTypeUnexpectedtype_info::operator==
                                                                          • String ID: csm$csm$csm
                                                                          • API String ID: 1206542248-393685449
                                                                          • Opcode ID: 49ab9426fe753ec1f9d9911e27ea930bcc273706cadc5b513eaa6d8b2a2c9462
                                                                          • Instruction ID: 11fa10b1bd71f3a0977d3fa6624a7a757efd71418bddd40e72820cef34646307
                                                                          • Opcode Fuzzy Hash: 49ab9426fe753ec1f9d9911e27ea930bcc273706cadc5b513eaa6d8b2a2c9462
                                                                          • Instruction Fuzzy Hash: 7EB1AD71C00289DFCF04CFA6C98099EBBB9FF2C318F18559AE8256BA11D731DA51CB91
                                                                          APIs
                                                                            • Part of subcall function 6C974F20: caerLogVAFull.LIB_HELP(?,?,?,?,?,6C972947,00000007,?,Shutting down ...), ref: 6C974F39
                                                                          • caerLog.LIB_HELP(00000002,IMU6 Event,Called caerIMU6EventSetTimestamp() with negative value!), ref: 6C9762D0
                                                                          Strings
                                                                          • IMU Scale Config event (%hhu) received., xrefs: 6C97606C
                                                                          • Error message: '%s' (code %u at time %u)., xrefs: 6C976351
                                                                          • IMU6 Event, xrefs: 6C9762C9
                                                                          • Called caerIMU6EventSetTimestamp() with negative value!, xrefs: 6C9762C4
                                                                          • Unknown/invalid debug message., xrefs: 6C976364
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer$Full
                                                                          • String ID: Called caerIMU6EventSetTimestamp() with negative value!$Error message: '%s' (code %u at time %u).$IMU Scale Config event (%hhu) received.$IMU6 Event$Unknown/invalid debug message.
                                                                          • API String ID: 1435167524-184476902
                                                                          • Opcode ID: e17bd89fd983ad4f9e090a0a457d9e2b7141bba88f38b4a3572bd799e051eaa9
                                                                          • Instruction ID: 4ad3a41b704643488a1e5488b910894da766349be62b1a527d6281be6b4963af
                                                                          • Opcode Fuzzy Hash: e17bd89fd983ad4f9e090a0a457d9e2b7141bba88f38b4a3572bd799e051eaa9
                                                                          • Instruction Fuzzy Hash: CD914770919BE669D312D63684507F2FBE4AFAE305F04871AF0EAE7581F324A1D4DB50
                                                                          APIs
                                                                          • caerLog.LIB_HELP(00000002,Polarity Event,Called caerPolarityEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.,?,?), ref: 6C9799D7
                                                                            • Part of subcall function 6C971B50: caerLogVAFull.LIB_HELP(?,?,?,?,?), ref: 6C971B69
                                                                          • caerLog.LIB_HELP(00000002,Polarity Event,Called caerPolarityEventSetTimestamp() with negative value!), ref: 6C9799F7
                                                                          Strings
                                                                          • Called caerPolarityEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i., xrefs: 6C9799CB
                                                                          • Polarity Event, xrefs: 6C9799D0, 6C9799F0
                                                                          • Failed to allocate polarity event packet., xrefs: 6C9790EC
                                                                          • Called caerPolarityEventSetTimestamp() with negative value!, xrefs: 6C9799EB
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer$Full
                                                                          • String ID: Called caerPolarityEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.$Called caerPolarityEventSetTimestamp() with negative value!$Failed to allocate polarity event packet.$Polarity Event
                                                                          • API String ID: 1435167524-4079811864
                                                                          • Opcode ID: 0a2ccf0fcd90add2b3e27ab948754f9d2bb2f4401b2357784b49cc0cdb941fc2
                                                                          • Instruction ID: de28d7a3e1f8f477c8f47f0d9d4f2047ad3d2ff43da78394608dbef4647c9dfe
                                                                          • Opcode Fuzzy Hash: 0a2ccf0fcd90add2b3e27ab948754f9d2bb2f4401b2357784b49cc0cdb941fc2
                                                                          • Instruction Fuzzy Hash: 2B810870706612EBE728CF35C8547A5F7E4FB56318F050729E8A887A80E735E954CBA1
                                                                          APIs
                                                                          • caerLog.LIB_HELP(00000002,Special Event,Called caerSpecialEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.,?,?), ref: 6C979F71
                                                                            • Part of subcall function 6C971B50: caerLogVAFull.LIB_HELP(?,?,?,?,?), ref: 6C971B69
                                                                          Strings
                                                                          • Timestamp wrap event received with multiplier of %hu., xrefs: 6C979FD7
                                                                          • Timestamps: non strictly-monotonic timestamp detected: lastTimestamp=%i, currentTimestamp=%i, difference=%i., xrefs: 6C979FC2
                                                                          • Special Event, xrefs: 6C979F6A
                                                                          • Called caerSpecialEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i., xrefs: 6C979F65
                                                                          • Failed to allocate polarity event packet., xrefs: 6C9790EC
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer$Full
                                                                          • String ID: Called caerSpecialEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.$Failed to allocate polarity event packet.$Special Event$Timestamp wrap event received with multiplier of %hu.$Timestamps: non strictly-monotonic timestamp detected: lastTimestamp=%i, currentTimestamp=%i, difference=%i.
                                                                          • API String ID: 1435167524-1183070593
                                                                          • Opcode ID: 4660a4d945390ecae48f7767883acb39229f47930b9a8754c6c261ee88b95611
                                                                          • Instruction ID: 3765394144e08506702ec548200e8925fb2702e44831d3bd439432772e8aa477
                                                                          • Opcode Fuzzy Hash: 4660a4d945390ecae48f7767883acb39229f47930b9a8754c6c261ee88b95611
                                                                          • Instruction Fuzzy Hash: 3471E070A46A02EFD7288F25C845BD5F7E4FB56318F050719E86487A91E731E928CBA1
                                                                          APIs
                                                                          • caerLog.LIB_HELP(00000002,Special Event,Called caerSpecialEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.,?,?), ref: 6C974B55
                                                                            • Part of subcall function 6C971B50: caerLogVAFull.LIB_HELP(?,?,?,?,?), ref: 6C971B69
                                                                          Strings
                                                                          • Timestamp wrap event received with multiplier of %hu., xrefs: 6C974BBE
                                                                          • Timestamps: non strictly-monotonic timestamp detected: lastTimestamp=%i, currentTimestamp=%i, difference=%i., xrefs: 6C974BA6
                                                                          • Special Event, xrefs: 6C974B4E
                                                                          • Called caerSpecialEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i., xrefs: 6C974B49
                                                                          • Failed to allocate polarity event packet., xrefs: 6C973BD6
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer$Full
                                                                          • String ID: Called caerSpecialEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.$Failed to allocate polarity event packet.$Special Event$Timestamp wrap event received with multiplier of %hu.$Timestamps: non strictly-monotonic timestamp detected: lastTimestamp=%i, currentTimestamp=%i, difference=%i.
                                                                          • API String ID: 1435167524-1183070593
                                                                          • Opcode ID: e5192be67edaf0f6d9f109ac93dbbc901e4ced73bf5fa034232b485b5bdb9bde
                                                                          • Instruction ID: 2bafe4b9f1d20b21b9b06ca7346761f3be8d408648461b1450c1155d9cfc382e
                                                                          • Opcode Fuzzy Hash: e5192be67edaf0f6d9f109ac93dbbc901e4ced73bf5fa034232b485b5bdb9bde
                                                                          • Instruction Fuzzy Hash: 9971A4B1546B429FE734CF34C851BA6B7E8BB51318F084A2DE4A987A92E731E444CF31
                                                                          APIs
                                                                          • GetConsoleCP.KERNEL32(?,00000000,?,?,?,?,?,?,?,6C9EA580,?,00000000,?,00000000,00000000), ref: 6C9E9E4D
                                                                          • __fassign.LIBCMT ref: 6C9E9EC8
                                                                          • __fassign.LIBCMT ref: 6C9E9EE3
                                                                          • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,?,00000005,00000000,00000000), ref: 6C9E9F09
                                                                          • WriteFile.KERNEL32(?,?,00000000,6C9EA580,00000000,?,?,?,?,?,?,?,?,?,6C9EA580,?), ref: 6C9E9F28
                                                                          • WriteFile.KERNEL32(?,?,00000001,6C9EA580,00000000,?,?,?,?,?,?,?,?,?,6C9EA580,?), ref: 6C9E9F61
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164606236.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164577047.000000006C9D0000.00000002.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164639828.000000006C9ED000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164670106.000000006C9F5000.00000008.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9F9000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9FC000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA00000.00000040.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA27000.00000040.00000001.01000000.00000009.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                          • String ID:
                                                                          • API String ID: 1324828854-0
                                                                          • Opcode ID: 3aedd400e24ed3e7f03080444a01a13a6e0eb74a37358ecf72da817f941d4a7f
                                                                          • Instruction ID: f6175d07390f228a252bbd32f7acef40aaa571dfe2b398ac5064ffbe1fa6a2a5
                                                                          • Opcode Fuzzy Hash: 3aedd400e24ed3e7f03080444a01a13a6e0eb74a37358ecf72da817f941d4a7f
                                                                          • Instruction Fuzzy Hash: B951E471A042099FDB01CFA8C880AEEBBF8EF6D304F25451AE955E7781D771DA51CB60
                                                                          APIs
                                                                            • Part of subcall function 6CE99290: GetCurrentThreadId.KERNEL32 ref: 6CE99293
                                                                          • GetTickCount.KERNEL32 ref: 6CE98E07
                                                                          • GetTickCount.KERNEL32 ref: 6CE98E1F
                                                                          • GetCurrentThreadId.KERNEL32 ref: 6CE98E4E
                                                                          • GetTickCount.KERNEL32 ref: 6CE98E79
                                                                          • GetTickCount.KERNEL32 ref: 6CE98EB0
                                                                          • GetTickCount.KERNEL32 ref: 6CE98EDA
                                                                          • GetCurrentThreadId.KERNEL32 ref: 6CE98F4A
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164882381.000000006CE94000.00000080.00000001.01000000.0000000C.sdmp, Offset: 6CE90000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164829790.000000006CE90000.00000002.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4164858981.000000006CE91000.00000040.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4164984313.000000006CF76000.00000020.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165012582.000000006CF77000.00000004.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165042277.000000006CF78000.00000008.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165076360.000000006CF79000.00000004.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165107134.000000006CF7B000.00000008.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165135771.000000006CF7C000.00000004.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165170116.000000006CF81000.00000004.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165202597.000000006CF85000.00000002.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165202597.000000006CF87000.00000002.00000001.01000000.0000000C.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6ce90000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: CountTick$CurrentThread
                                                                          • String ID:
                                                                          • API String ID: 3968769311-0
                                                                          • Opcode ID: de6491824a5b40c67d2f13910f2fdf79a8fc3c52d4dee7aa36ea3e701f071399
                                                                          • Instruction ID: c8277a485d4bcd83ade4061f6d5838276a4f9da174846f4b58369bcf19aaa819
                                                                          • Opcode Fuzzy Hash: de6491824a5b40c67d2f13910f2fdf79a8fc3c52d4dee7aa36ea3e701f071399
                                                                          • Instruction Fuzzy Hash: 6A4170706093459ED721DE78C88035EBBF1AB8135CF348A2ED4E88BBA4E7B5D485C752
                                                                          APIs
                                                                          • caerLog.LIB_HELP(00000002,EventPacket Container,Called caerEventPacketContainerSetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!,00000001,?,?), ref: 6C988E5D
                                                                          • caerLog.LIB_HELP(00000002,EventPacket Container,Called caerEventPacketContainerSetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!,00000000,?,?), ref: 6C988EB7
                                                                          • caerLog.LIB_HELP(00000002,EventPacket Container,Called caerEventPacketContainerSetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!,00000002,?,?), ref: 6C988F12
                                                                          • caerLog.LIB_HELP(00000002,EventPacket Container,Called caerEventPacketContainerSetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!,00000003,?,?), ref: 6C988F6D
                                                                            • Part of subcall function 6C9721A0: caerLog.LIB_HELP(00000002,Generic Event,Called caerGenericEventGetEvent() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!,00000000,?), ref: 6C97221D
                                                                            • Part of subcall function 6C9721A0: caerLog.LIB_HELP(00000002,Generic Event,Called caerGenericEventGetEvent() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!,?,?), ref: 6C972275
                                                                            • Part of subcall function 6C9721A0: caerLog.LIB_HELP(00000002,EventPacket Container,Called caerEventPacketContainerGetEventPacketConst() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!,00000000,?), ref: 6C972321
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer
                                                                          • String ID: Called caerEventPacketContainerSetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!$EventPacket Container
                                                                          • API String ID: 3879971092-3411333834
                                                                          • Opcode ID: 9ca0dc679e3b2f25713ea42a9b7ec28ebe0d5177eb3de24bb3fb545d8da14a8b
                                                                          • Instruction ID: 34af953d018ca3462d7d547b3bcece4f7251eb09197498489fdd3ffc78ace5d9
                                                                          • Opcode Fuzzy Hash: 9ca0dc679e3b2f25713ea42a9b7ec28ebe0d5177eb3de24bb3fb545d8da14a8b
                                                                          • Instruction Fuzzy Hash: E5419CF5A026405BF764DF24DC55F67B39DAB2130CF04082DE55A9BB82E731E508C679
                                                                          APIs
                                                                          • _ValidateLocalCookies.LIBCMT ref: 6C990647
                                                                          • ___except_validate_context_record.LIBVCRUNTIME ref: 6C99064F
                                                                          • _ValidateLocalCookies.LIBCMT ref: 6C9906D8
                                                                          • __IsNonwritableInCurrentImage.LIBCMT ref: 6C990703
                                                                          • _ValidateLocalCookies.LIBCMT ref: 6C990758
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                          • String ID: csm
                                                                          • API String ID: 1170836740-1018135373
                                                                          • Opcode ID: 0e563e3ac064a8ad9a8c19ba6af5619e2c71270524c645c88157ae8fd83412b9
                                                                          • Instruction ID: c9f6f48cb0bbbad1e3aa344feebe33f4d40fc17c81b23103119950c6920b223a
                                                                          • Opcode Fuzzy Hash: 0e563e3ac064a8ad9a8c19ba6af5619e2c71270524c645c88157ae8fd83412b9
                                                                          • Instruction Fuzzy Hash: C541B874A01248AFCF00CF69C880ADE7FB9FF59368F189155E8246B751D731DA15CB91
                                                                          APIs
                                                                          • _ValidateLocalCookies.LIBCMT ref: 6C9D8AAB
                                                                          • ___except_validate_context_record.LIBVCRUNTIME ref: 6C9D8AB3
                                                                          • _ValidateLocalCookies.LIBCMT ref: 6C9D8B41
                                                                          • __IsNonwritableInCurrentImage.LIBCMT ref: 6C9D8B6C
                                                                          • _ValidateLocalCookies.LIBCMT ref: 6C9D8BC1
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164606236.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164577047.000000006C9D0000.00000002.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164639828.000000006C9ED000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164670106.000000006C9F5000.00000008.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9F9000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9FC000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA00000.00000040.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA27000.00000040.00000001.01000000.00000009.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                          • String ID: csm
                                                                          • API String ID: 1170836740-1018135373
                                                                          • Opcode ID: dc1f48b913513e0bb72fe7a198f644590f18720e807514276b7a54896c87d932
                                                                          • Instruction ID: 65efc56bbffb9fd26817a28825ecb9784ec935e1b9b202d2d263d8892c74feb7
                                                                          • Opcode Fuzzy Hash: dc1f48b913513e0bb72fe7a198f644590f18720e807514276b7a54896c87d932
                                                                          • Instruction Fuzzy Hash: DC41D370A007089BCF04DF68C880A9EBBB9AF56318F16D156D828BB752C735FA05CBD4
                                                                          APIs
                                                                            • Part of subcall function 6C9887A0: caerLogVAFull.LIB_HELP(?,?,?,?,?,6C988D7B,00000002,?,Failed to grow event packet of type %d.,?,?,?,?,?,6C9831D3,?), ref: 6C9887C7
                                                                          • caerLog.LIB_HELP(00000002,Special Event,Called caerSpecialEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.,?,?), ref: 6C9860DE
                                                                          • caerLog.LIB_HELP(00000002,Special Event,Called caerSpecialEventSetTimestamp() with negative value!), ref: 6C9860FB
                                                                          Strings
                                                                          • Special Event, xrefs: 6C9860D7, 6C9860F4
                                                                          • Called caerSpecialEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i., xrefs: 6C9860D2
                                                                          • Called caerSpecialEventSetTimestamp() with negative value!, xrefs: 6C9860EF
                                                                          • External generator (falling edge) event received., xrefs: 6C98607F
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer$Full
                                                                          • String ID: Called caerSpecialEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.$Called caerSpecialEventSetTimestamp() with negative value!$External generator (falling edge) event received.$Special Event
                                                                          • API String ID: 1435167524-1129194094
                                                                          • Opcode ID: 254c9e4c55329508ddc2e072b200ffa1cd60a56ea18657dc930f7b57c789b206
                                                                          • Instruction ID: cc3fa71e4f5cdf87bec71892bd8a17611720884159cbc45bfb185d033e19e17e
                                                                          • Opcode Fuzzy Hash: 254c9e4c55329508ddc2e072b200ffa1cd60a56ea18657dc930f7b57c789b206
                                                                          • Instruction Fuzzy Hash: CB31F0716A7F00DBD720DE29D880B97B7E5AFA1349F044D29E4AACBA50E731E408CF11
                                                                          APIs
                                                                            • Part of subcall function 6C9887A0: caerLogVAFull.LIB_HELP(?,?,?,?,?,6C988D7B,00000002,?,Failed to grow event packet of type %d.,?,?,?,?,?,6C9831D3,?), ref: 6C9887C7
                                                                          • caerLog.LIB_HELP(00000002,Special Event,Called caerSpecialEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.,?,?), ref: 6C986183
                                                                          • caerLog.LIB_HELP(00000002,Special Event,Called caerSpecialEventSetTimestamp() with negative value!), ref: 6C9861A0
                                                                          Strings
                                                                          • External generator (rising edge) event received., xrefs: 6C986124
                                                                          • Special Event, xrefs: 6C98617C, 6C986199
                                                                          • Called caerSpecialEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i., xrefs: 6C986177
                                                                          • Called caerSpecialEventSetTimestamp() with negative value!, xrefs: 6C986194
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer$Full
                                                                          • String ID: Called caerSpecialEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.$Called caerSpecialEventSetTimestamp() with negative value!$External generator (rising edge) event received.$Special Event
                                                                          • API String ID: 1435167524-186133897
                                                                          • Opcode ID: 49eaefaf2b4c90cab6bd7e69a74ca31b20b2014549c69f10c67d27ac8e0f813a
                                                                          • Instruction ID: f6f54b98f8b7810e1413efa4138fbeb17d4230ef09ddcb1b270122f2babca62e
                                                                          • Opcode Fuzzy Hash: 49eaefaf2b4c90cab6bd7e69a74ca31b20b2014549c69f10c67d27ac8e0f813a
                                                                          • Instruction Fuzzy Hash: B13112716A7F009BD720DE28DC80B87B7E4AFA1349F044E29E4AACBA41E730E404CF11
                                                                          APIs
                                                                          • QueryPerformanceFrequency.KERNEL32(?,00000000,unknown,?,6C98B0C6,?,?,?,?,?,6C965EDD,00000000,-00000058,00000000), ref: 6C967620
                                                                          • __aulldiv.LIBCMT ref: 6C967645
                                                                          • QueryPerformanceCounter.KERNEL32(?,00000000,unknown,?,6C98B0C6,?,?,?,?,?,6C965EDD,00000000,-00000058,00000000), ref: 6C96765A
                                                                          • __aulldiv.LIBCMT ref: 6C967678
                                                                          • __aullrem.LIBCMT ref: 6C96768B
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: PerformanceQuery__aulldiv$CounterFrequency__aullrem
                                                                          • String ID: unknown
                                                                          • API String ID: 2732653491-2904991687
                                                                          • Opcode ID: 30046c72fc45ef5cfe34f9454a8961f54e5764ccff83e43adfb9cee8acec5d01
                                                                          • Instruction ID: 34bbc3782f2f56513828c7f933dc8993543b2d46555c23b93e46631b435c7df5
                                                                          • Opcode Fuzzy Hash: 30046c72fc45ef5cfe34f9454a8961f54e5764ccff83e43adfb9cee8acec5d01
                                                                          • Instruction Fuzzy Hash: 15317CB16083059FC708CF69D980A5ABBE9FB99308F15492EF548C7350E775D905CB91
                                                                          APIs
                                                                          • caerLog.LIB_HELP(00000002,Event Packet,Called caerEventPacketGrow() with a new capacity value (%i) that is equal or smaller than the old one (%i). Only strictly growing an event packet is supported!,?,?,?,?,?,?,6C9831D3,?,?,00000001,?), ref: 6C988D5C
                                                                          Strings
                                                                          • Called caerEventPacketGrow() with a new capacity value (%i) that is equal or smaller than the old one (%i). Only strictly growing an event packet is supported!, xrefs: 6C988D50
                                                                          • Failed to reallocate %zu bytes of memory for growing Event Packet of capacity %i to new capacity of %i. Error: %d., xrefs: 6C988DB0
                                                                          • Failed to grow event packet of type %d., xrefs: 6C988D6B
                                                                          • Event Packet, xrefs: 6C988D55, 6C988DB5
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer
                                                                          • String ID: Called caerEventPacketGrow() with a new capacity value (%i) that is equal or smaller than the old one (%i). Only strictly growing an event packet is supported!$Event Packet$Failed to grow event packet of type %d.$Failed to reallocate %zu bytes of memory for growing Event Packet of capacity %i to new capacity of %i. Error: %d.
                                                                          • API String ID: 3879971092-2010117853
                                                                          • Opcode ID: fc786866572aae5ba75f5c3d3b9952737ed19cd47d2db60777f428cc776a4a24
                                                                          • Instruction ID: 3cc40bc548584626b3deb4ef44e0599ac77ca9ccd427cd01eb725981ddc4da68
                                                                          • Opcode Fuzzy Hash: fc786866572aae5ba75f5c3d3b9952737ed19cd47d2db60777f428cc776a4a24
                                                                          • Instruction Fuzzy Hash: FB2126B66013547BD7109F49EC41E9BBBADEFE5658F04485AF80CA7B02E331E40487B1
                                                                          APIs
                                                                          • caerLog.LIB_HELP(00000002,Event Packet,Called caerEventPacketGrow() with a new capacity value (%i) that is equal or smaller than the old one (%i). Only strictly growing an event packet is supported!,?,?,?,00000000,?,?,6C973DBB,?,?,00000001,?,00000007), ref: 6C9758EC
                                                                          Strings
                                                                          • Called caerEventPacketGrow() with a new capacity value (%i) that is equal or smaller than the old one (%i). Only strictly growing an event packet is supported!, xrefs: 6C9758E0
                                                                          • Failed to reallocate %zu bytes of memory for growing Event Packet of capacity %i to new capacity of %i. Error: %d., xrefs: 6C975940
                                                                          • Failed to grow event packet of type %d., xrefs: 6C9758FB
                                                                          • Event Packet, xrefs: 6C9758E5, 6C975945
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer
                                                                          • String ID: Called caerEventPacketGrow() with a new capacity value (%i) that is equal or smaller than the old one (%i). Only strictly growing an event packet is supported!$Event Packet$Failed to grow event packet of type %d.$Failed to reallocate %zu bytes of memory for growing Event Packet of capacity %i to new capacity of %i. Error: %d.
                                                                          • API String ID: 3879971092-2010117853
                                                                          • Opcode ID: 5a6caec4cbc1bfeb7d055876992ab667530faf10072b2c1431291021bcc6ab2d
                                                                          • Instruction ID: fa0cf28aa70fade1596b9173cc0dcbaba3925e1c136222b9aa124debe1ff4a83
                                                                          • Opcode Fuzzy Hash: 5a6caec4cbc1bfeb7d055876992ab667530faf10072b2c1431291021bcc6ab2d
                                                                          • Instruction Fuzzy Hash: 592126B7A013507BC7109F49AC41EDBBB9CEFE565CF04449AF80CABA52E331E5048AB1
                                                                          APIs
                                                                          • EnterCriticalSection.KERNEL32(?,000F4297,00000000,?,76ECE820), ref: 6C962393
                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 6C9623D6
                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 6C962409
                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 6C96241E
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalSection$Leave$Enter
                                                                          • String ID: cancel transfer failed error %d$libusb_cancel_transfer$transfer %p
                                                                          • API String ID: 2978645861-2328469272
                                                                          • Opcode ID: 7a565c25cbe94fcc903a2f97ed7d39c8b7598ae1d331d203a12931c6ad7752c5
                                                                          • Instruction ID: e27979e480ce59fd554d4caee1e99c68089ed53b4612271990aaff75311a12b9
                                                                          • Opcode Fuzzy Hash: 7a565c25cbe94fcc903a2f97ed7d39c8b7598ae1d331d203a12931c6ad7752c5
                                                                          • Instruction Fuzzy Hash: C61127B2309610B7D7145B5A5EC8E9BB72CE762779B400272FB56A6DD1C331D425C3E0
                                                                          APIs
                                                                          • GetLastError.KERNEL32(00000000,?,00000000,6C96628E,?,00000064,00000000,?,?), ref: 6C966309
                                                                          • FormatMessageA.KERNEL32(00001200,00000000,00000000,00000400,6C9C9D50,00000100,00000000,00000000,?,?), ref: 6C96636E
                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000006,6C962194,?,00000084), ref: 6C966378
                                                                          Strings
                                                                          • [%lu] , xrefs: 6C966312
                                                                          • Unknown error code %lu, xrefs: 6C9663A5
                                                                          • Windows error code %lu (FormatMessage error code %lu), xrefs: 6C966384
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLast$FormatMessage
                                                                          • String ID: Unknown error code %lu$Windows error code %lu (FormatMessage error code %lu)$[%lu]
                                                                          • API String ID: 71157656-427226007
                                                                          • Opcode ID: b402a04c371a26aadb7d13653b9681a7a07d247b0ce8c695f6cfc052370154de
                                                                          • Instruction ID: 462ccdf56c1f99568f2ce0ae6d8a78c2ef8c134f39298f1e85adff310946835b
                                                                          • Opcode Fuzzy Hash: b402a04c371a26aadb7d13653b9681a7a07d247b0ce8c695f6cfc052370154de
                                                                          • Instruction Fuzzy Hash: 3411E9B7705120BAF71012668C15FAB269C9B0136EF250626F94FFFDD1D660C840C2E6
                                                                          APIs
                                                                            • Part of subcall function 6C9E920C: _free.LIBCMT ref: 6C9E9235
                                                                          • _free.LIBCMT ref: 6C9E9296
                                                                            • Part of subcall function 6C9E2CF5: HeapFree.KERNEL32(00000000,00000000,?,6C9E923A,?,00000000,?,00000000,?,6C9E9261,?,00000007,?,?,6C9E7A4B,?), ref: 6C9E2D0B
                                                                            • Part of subcall function 6C9E2CF5: GetLastError.KERNEL32(?,?,6C9E923A,?,00000000,?,00000000,?,6C9E9261,?,00000007,?,?,6C9E7A4B,?,?), ref: 6C9E2D1D
                                                                          • _free.LIBCMT ref: 6C9E92A1
                                                                          • _free.LIBCMT ref: 6C9E92AC
                                                                          • _free.LIBCMT ref: 6C9E9300
                                                                          • _free.LIBCMT ref: 6C9E930B
                                                                          • _free.LIBCMT ref: 6C9E9316
                                                                          • _free.LIBCMT ref: 6C9E9321
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164606236.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164577047.000000006C9D0000.00000002.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164639828.000000006C9ED000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164670106.000000006C9F5000.00000008.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9F9000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9FC000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA00000.00000040.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA27000.00000040.00000001.01000000.00000009.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                          • String ID:
                                                                          • API String ID: 776569668-0
                                                                          • Opcode ID: b4afd6af754144061269b96f312fd88ef85fe3d95e483fff9151aafeb2d8ac8b
                                                                          • Instruction ID: 9c7190e4af6dabc2807866cfdd25d5171991d7b25cf8555b58be88d5df27bf2c
                                                                          • Opcode Fuzzy Hash: b4afd6af754144061269b96f312fd88ef85fe3d95e483fff9151aafeb2d8ac8b
                                                                          • Instruction Fuzzy Hash: 19112EB1540B44E6DF22E7B0CC09FCB779C6F3C754F410815A6AAE6B90DB75E5089690
                                                                          APIs
                                                                          • GetModuleHandleW.KERNEL32(kernel32.dll,CompareStringOrdinal,6CF7692B,00000000,6CF76940), ref: 6CEBA912
                                                                            • Part of subcall function 6CEA2EBC: GetProcAddress.KERNEL32(?,00000000), ref: 6CEA2EE0
                                                                          • GetModuleHandleW.KERNEL32(NTDLL.DLL,RtlCompareUnicodeString,6CF7692B,00000000,6CF76940), ref: 6CEBA92D
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164882381.000000006CE94000.00000080.00000001.01000000.0000000C.sdmp, Offset: 6CE90000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164829790.000000006CE90000.00000002.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4164858981.000000006CE91000.00000040.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4164984313.000000006CF76000.00000020.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165012582.000000006CF77000.00000004.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165042277.000000006CF78000.00000008.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165076360.000000006CF79000.00000004.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165107134.000000006CF7B000.00000008.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165135771.000000006CF7C000.00000004.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165170116.000000006CF81000.00000004.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165202597.000000006CF85000.00000002.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165202597.000000006CF87000.00000002.00000001.01000000.0000000C.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6ce90000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: HandleModule$AddressProc
                                                                          • String ID: CompareStringOrdinal$NTDLL.DLL$RtlCompareUnicodeString$kernel32.dll
                                                                          • API String ID: 1883125708-3870080525
                                                                          • Opcode ID: 19c507bc3e94e7743b147f20f3d872b0f9235f8dd6170290c2d3b66b22780211
                                                                          • Instruction ID: 018d42b9ecb91f1a1218a834e1e712d71f0fd2cc26a0d37869db800026f3b796
                                                                          • Opcode Fuzzy Hash: 19c507bc3e94e7743b147f20f3d872b0f9235f8dd6170290c2d3b66b22780211
                                                                          • Instruction Fuzzy Hash: 74E0C2709812003C8E82ABE5AE087B635315B50009B31F40CA018BBF11CB3580466120
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4160697580.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000008.00000002.4160671373.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160860251.0000000000600000.00000008.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000647000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.000000000064C000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000654000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000676000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000678000.00000040.00000001.01000000.00000005.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_400000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: %G%%$@$CAMP$IEPE$RME ADI-2 Pro$RME ADI-2/4 PRO SE$RTA$RTX6001
                                                                          • API String ID: 0-1910809587
                                                                          • Opcode ID: 1216ffd0341e008871464e4b30e501f9e109b1a58f21629876c9d6f684db916c
                                                                          • Instruction ID: 1594e548e6b9f3267800e40e0cd3ae2b11546d7ad3ec44f195fe52d5204343db
                                                                          • Opcode Fuzzy Hash: 1216ffd0341e008871464e4b30e501f9e109b1a58f21629876c9d6f684db916c
                                                                          • Instruction Fuzzy Hash: EBC19E746003419BC718DF25DC45B6A7BEBBBCA704F00152EF9869B3A5DBB49840CF9A
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4160697580.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_400000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: FFTSize$RecordLength$SamplingChannels$SamplingFrequency$SamplingResolution$SpectrumAnalyzerType$WindowFunction$WindowOverlapPercentage
                                                                          • API String ID: 0-1763469522
                                                                          • Opcode ID: cbfcbd76fcdfb78ba9293cceb238887b0babc6e01cfeda9001b9ef61589bf537
                                                                          • Instruction ID: 4172458f80be0ea1d3525fd9911b571e3b03e53f55241ce611dda9089f12c06b
                                                                          • Opcode Fuzzy Hash: cbfcbd76fcdfb78ba9293cceb238887b0babc6e01cfeda9001b9ef61589bf537
                                                                          • Instruction Fuzzy Hash: ED913AB4508342ABD704EF64C895B6BBFE4FF84708F004A1EF49557281DB769A488BA7
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4160697580.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_400000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: ASIO MADIface$CAMP$IEPE$RME ADI-2 Pro$RME ADI-2/4 PRO SE$RTA$RTX ASIO$RTX6001
                                                                          • API String ID: 0-1288919228
                                                                          • Opcode ID: 6aba5cb95b2f8d81febd7da6f1d937db0af0229292c3c67634d47b30e058c0aa
                                                                          • Instruction ID: 595b431d4fcd02e0219c1679b6868fff39a8e57e457d9da79ac5cf1b134df3e6
                                                                          • Opcode Fuzzy Hash: 6aba5cb95b2f8d81febd7da6f1d937db0af0229292c3c67634d47b30e058c0aa
                                                                          • Instruction Fuzzy Hash: 44512571E0028697EB18DFA68886BFE7F69FB85318F200534E855E72C6DB64D9408792
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4160697580.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_400000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: /Hz$dBA$dBB$dBC$dBFS$dBI$dBr$dBu
                                                                          • API String ID: 0-3208329916
                                                                          • Opcode ID: 718387325561b52daa9116315744b2a9acbec7366d536a4b6143b8d254d86d26
                                                                          • Instruction ID: bdf436eb25c3d7590964bb0f4a57d85999fc49698aca118ec59e92ef567be09f
                                                                          • Opcode Fuzzy Hash: 718387325561b52daa9116315744b2a9acbec7366d536a4b6143b8d254d86d26
                                                                          • Instruction Fuzzy Hash: CE5155342483829BD318DF25C856BBABB98BB91710F04982DF4DA52192DBB0E905CB92
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4160697580.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_400000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: DAQ_SetParameters$DAQ_Unlock$Fail to load Device Dll$RME ADI-2 Pro$RME ADI-2/4 PRO SE$RTX6001$SoundCardASIODAQO.dll$e
                                                                          • API String ID: 0-1596627008
                                                                          • Opcode ID: e8e53c9c991e72dc3cc454528432f1f50881d4a893cac8223c94390fc721b172
                                                                          • Instruction ID: 8d7ca7a462642e4c39931164b55a846bebe161189345467546fb11fc15a7b191
                                                                          • Opcode Fuzzy Hash: e8e53c9c991e72dc3cc454528432f1f50881d4a893cac8223c94390fc721b172
                                                                          • Instruction Fuzzy Hash: AC410871244781ABE324EF61DC45FAB7B99FBC0714F00492DF689972C1DBB494048B66
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4160697580.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_400000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: DAO_SetParameters$DAO_Unlock$Fail to load Device Dll$RME ADI-2 Pro$RME ADI-2/4 PRO SE$RTX6001$SoundCardASIODAQO.dll$e
                                                                          • API String ID: 0-1514325731
                                                                          • Opcode ID: a67815199afe4d9985c7a4d14a0fe2ed01da5aead44c1b8504697963a8b33cbd
                                                                          • Instruction ID: 89a3c7ca20ab8f94f40e16817f684f38b966aebe3198e41b2f9013446ddd438d
                                                                          • Opcode Fuzzy Hash: a67815199afe4d9985c7a4d14a0fe2ed01da5aead44c1b8504697963a8b33cbd
                                                                          • Instruction Fuzzy Hash: 9E4105312487C1ABD329EB61DC46BAB7BADFBC0710F00451DF589962D1DBB89504CB62
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: __freea$Info
                                                                          • String ID:
                                                                          • API String ID: 541289543-0
                                                                          • Opcode ID: 6d1257392bbbe4576eb0b48f29f46d97379fbb3d310561cbc1c3f8d3cf748ca0
                                                                          • Instruction ID: 4471f2143600b61c2545834c744979cd2ede80b1312f9ed063ea9fa4ea21b14b
                                                                          • Opcode Fuzzy Hash: 6d1257392bbbe4576eb0b48f29f46d97379fbb3d310561cbc1c3f8d3cf748ca0
                                                                          • Instruction Fuzzy Hash: 7F71F772901209AFEB118ED4CC40FEE77BEDF69718F250059E954A7A80DF75D9068FA0
                                                                          APIs
                                                                          • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,6C9DB3AC,6C9DB3AC,?,?,?,6C9E455A,00000001,00000001,92E85006), ref: 6C9E4363
                                                                          • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,6C9E455A,00000001,00000001,92E85006,?,?,?), ref: 6C9E43E9
                                                                          • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,92E85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 6C9E44E3
                                                                          • __freea.LIBCMT ref: 6C9E44F0
                                                                            • Part of subcall function 6C9E2D2F: RtlAllocateHeap.NTDLL(00000000,6C9D50A5,00000000), ref: 6C9E2D61
                                                                          • __freea.LIBCMT ref: 6C9E44F9
                                                                          • __freea.LIBCMT ref: 6C9E451E
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164606236.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164577047.000000006C9D0000.00000002.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164639828.000000006C9ED000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164670106.000000006C9F5000.00000008.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9F9000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9FC000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA00000.00000040.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA27000.00000040.00000001.01000000.00000009.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                          • String ID:
                                                                          • API String ID: 1414292761-0
                                                                          • Opcode ID: 22e64a3679e90e2af0e944fc6fe857187744a3d5920fd91d9a2c6b9743a99580
                                                                          • Instruction ID: 3b289e64aeb8281f0af1dbd1eb80613f74124d1b847b9d6a9d2e17d469822ff5
                                                                          • Opcode Fuzzy Hash: 22e64a3679e90e2af0e944fc6fe857187744a3d5920fd91d9a2c6b9743a99580
                                                                          • Instruction Fuzzy Hash: 2751D572710216AFEB168EA4CC40EAF37E9EF69658B254628FD14D7A80EB34DC54CA50
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4160697580.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_400000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: CAMP$IEPE$RME ADI-2 Pro$RME ADI-2/4 PRO SE$RTA$RTX6001$miniDSP ASIO Driver
                                                                          • API String ID: 0-4117997239
                                                                          • Opcode ID: 758f30b7deda40f21544944f90919d28d232e7932a6c9dc30de082c87a8a6000
                                                                          • Instruction ID: 528723dcae5fba369abb798e62c58fa6f2fd0ea8b1f8d1f0455302768cb2892b
                                                                          • Opcode Fuzzy Hash: 758f30b7deda40f21544944f90919d28d232e7932a6c9dc30de082c87a8a6000
                                                                          • Instruction Fuzzy Hash: DA0214742043419FD308EF24EC81BAA7BEAFBC5744F00251DF685972A1DBB49948CFA6
                                                                          APIs
                                                                          • EnterCriticalSection.KERNEL32(6C9C9E68,?,?,?,?,?,6C970BFB), ref: 6C96657A
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalEnterSection
                                                                          • String ID: could not duplicate string for hash table$hash collision ('%s' vs '%s')$hash table is full (%lu entries)$htab_hash
                                                                          • API String ID: 1904992153-3333510954
                                                                          • Opcode ID: 13f1a1f8720fad39054be1c8ebcd13cac7ced1ecfc4d84840a0f80eb159f549c
                                                                          • Instruction ID: e6585292a779fa219f3e08ba1e7dde48ca77304539388c55dabff35c2d252a8d
                                                                          • Opcode Fuzzy Hash: 13f1a1f8720fad39054be1c8ebcd13cac7ced1ecfc4d84840a0f80eb159f549c
                                                                          • Instruction Fuzzy Hash: 67518A757082069BE7044E2AA891A667BBA9B9530DF49417DEC41DBFD0E633DD08C291
                                                                          APIs
                                                                          • CloseHandle.KERNEL32(?,?,?), ref: 6C96FEE5
                                                                          Strings
                                                                          • composite_claim_interface, xrefs: 6C96FF2F
                                                                          • ignoring access denied error while opening HID interface of composite device, xrefs: 6C96FE19
                                                                          • composite_open, xrefs: 6C96FE1E
                                                                          • claim_interface, xrefs: 6C96FF25
                                                                          • unsupported API call for '%s' (unrecognized device driver), xrefs: 6C96FF2A
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: CloseHandle
                                                                          • String ID: claim_interface$composite_claim_interface$composite_open$ignoring access denied error while opening HID interface of composite device$unsupported API call for '%s' (unrecognized device driver)
                                                                          • API String ID: 2962429428-290779691
                                                                          • Opcode ID: cb624fcd01da54f328f68cf2b1b34ce58cd603594f8181ae6a12b6807e7e82be
                                                                          • Instruction ID: de02f19617e6c4c02a97aa9f06fb7ebd6de904277c6e1455dcfe2fcff846a1e1
                                                                          • Opcode Fuzzy Hash: cb624fcd01da54f328f68cf2b1b34ce58cd603594f8181ae6a12b6807e7e82be
                                                                          • Instruction Fuzzy Hash: 04514B31A091405FF312DA3EDC44BAABFD8AB9632CF694A58E465C7ED2D334D845C392
                                                                          APIs
                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CEC4E65
                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CEC4E81
                                                                          • SafeArrayCreate.OLEAUT32(0000000C,?,?), ref: 6CEC4EBA
                                                                          • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 6CEC4F37
                                                                          • SafeArrayPtrOfIndex.OLEAUT32(00000000,?,?), ref: 6CEC4F50
                                                                          • VariantCopy.OLEAUT32(?,?), ref: 6CEC4F8B
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164882381.000000006CE94000.00000080.00000001.01000000.0000000C.sdmp, Offset: 6CE90000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6ce90000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: ArraySafe$BoundIndex$CopyCreateVariant
                                                                          • String ID:
                                                                          • API String ID: 351091851-0
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4160697580.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_400000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: %s$-10$-12$-15$-18$-20$ADCDevice.ddb
                                                                          • API String ID: 0-1198698259
                                                                          APIs
                                                                          • GetLastError.KERNEL32(?,?,6C9D8C05,6C9D5A0D,6C9D5CCA), ref: 6C9D8D0A
                                                                          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6C9D8D18
                                                                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6C9D8D31
                                                                          • SetLastError.KERNEL32(00000000,?,6C9D8C05,6C9D5A0D,6C9D5CCA), ref: 6C9D8D83
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164606236.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLastValue___vcrt_
                                                                          • String ID:
                                                                          • API String ID: 3852720340-0
                                                                          APIs
                                                                          • GetLastError.KERNEL32(00000001,?,6C9907F1,6C98EF66,6C98E3CF,?,6C98E607,?,00000001,?,?,00000001,?,6C9C5490,0000000C,6C98E700), ref: 6C990881
                                                                          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6C99088F
                                                                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6C9908A8
                                                                          • SetLastError.KERNEL32(00000000,6C98E607,?,00000001,?,?,00000001,?,6C9C5490,0000000C,6C98E700,?,00000001,?), ref: 6C9908FA
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLastValue___vcrt_
                                                                          • String ID:
                                                                          • API String ID: 3852720340-0
                                                                          APIs
                                                                          • GetLastError.KERNEL32(?,00000010,6C9DAA36,00000010,?,?,6C9DA5F7,00000000,?,00000010,?), ref: 6C9E2BAA
                                                                          • _free.LIBCMT ref: 6C9E2BDD
                                                                          • _free.LIBCMT ref: 6C9E2C05
                                                                          • SetLastError.KERNEL32(00000000,?,00000010,?), ref: 6C9E2C12
                                                                          • SetLastError.KERNEL32(00000000,?,00000010,?), ref: 6C9E2C1E
                                                                          • _abort.LIBCMT ref: 6C9E2C24
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164606236.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLast$_free$_abort
                                                                          • String ID:
                                                                          • API String ID: 3160817290-0
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4160697580.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_400000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: %G, %G$%GHz ~ %GHz, %G$;B-Center Frequency (Hz), B-RMS $;B-Frequency Band (Hz), B-RMS $???, ???$fBand1RMS_B(EU)$oBandRMS_B(EU)_Array
                                                                          • API String ID: 0-976439020
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4160697580.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_400000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: %G, %G$%GHz ~ %GHz, %G$;A-Center Frequency (Hz), A-RMS $;A-Frequency Band (Hz), A-RMS $???, ???$fBand1RMS_A(EU)$oBandRMS_A(EU)_Array
                                                                          • API String ID: 0-2943335791
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4160697580.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_400000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: %s$-10$-12$-15$-18$-20$DACDevice.ddb
                                                                          • API String ID: 0-3271453456
                                                                          APIs
                                                                          • CreateWaitableTimerA.KERNEL32(00000000,00000001,00000000), ref: 6C9884CB
                                                                          • SetWaitableTimer.KERNEL32(00000000,?,00000000,00000000,00000000,00000000), ref: 6C9884E1
                                                                          • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 6C9884EA
                                                                          • CloseHandle.KERNEL32(00000000), ref: 6C9884F1
                                                                            • Part of subcall function 6C98B320: WaitForSingleObject.KERNEL32(?,000000FF,?,?,6C9738B0,?,?,00000082,00002710,00000000,?,00000000,00000003,00000000), ref: 6C98B32B
                                                                            • Part of subcall function 6C98B320: ReleaseMutex.KERNEL32(?), ref: 6C98B34A
                                                                            • Part of subcall function 6C988E00: caerLog.LIB_HELP(00000002,EventPacket Container,Called caerEventPacketContainerSetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!,00000001,?,?), ref: 6C988E5D
                                                                            • Part of subcall function 6C988E00: caerLog.LIB_HELP(00000002,EventPacket Container,Called caerEventPacketContainerSetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!,00000000,?,?), ref: 6C988EB7
                                                                            • Part of subcall function 6C988E00: caerLog.LIB_HELP(00000002,EventPacket Container,Called caerEventPacketContainerSetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!,00000002,?,?), ref: 6C988F12
                                                                            • Part of subcall function 6C988E00: caerLog.LIB_HELP(00000002,EventPacket Container,Called caerEventPacketContainerSetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!,00000003,?,?), ref: 6C988F6D
                                                                            • Part of subcall function 6C9887A0: caerLogVAFull.LIB_HELP(?,?,?,?,?,6C988D7B,00000002,?,Failed to grow event packet of type %d.,?,?,?,?,?,6C9831D3,?), ref: 6C9887C7
                                                                          Strings
                                                                          • Failed to start data transfers., xrefs: 6C988516
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer$ObjectSingleTimerWaitWaitable$CloseCreateFullHandleMutexRelease
                                                                          • String ID: Failed to start data transfers.
                                                                          • API String ID: 195387736-2235991773
                                                                          APIs
                                                                          • caerLog.LIB_HELP(00000002,Special Event,Called caerSpecialEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.,?,?), ref: 6C98691B
                                                                            • Part of subcall function 6C971B50: caerLogVAFull.LIB_HELP(?,?,?,?,?), ref: 6C971B69
                                                                          Strings
                                                                          • Timestamp wrap event received with multiplier of %hu., xrefs: 6C98697D
                                                                          • Timestamps: non strictly-monotonic timestamp detected: lastTimestamp=%i, currentTimestamp=%i, difference=%i., xrefs: 6C986967
                                                                          • Special Event, xrefs: 6C986914
                                                                          • Called caerSpecialEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i., xrefs: 6C98690F
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          Similarity
                                                                          • API ID: caer$Full
                                                                          • String ID: Called caerSpecialEventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.$Special Event$Timestamp wrap event received with multiplier of %hu.$Timestamps: non strictly-monotonic timestamp detected: lastTimestamp=%i, currentTimestamp=%i, difference=%i.
                                                                          • API String ID: 1435167524-1149132143
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4160697580.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: 1.8Hz$119Hz$236Hz$464Hz$RTA$iB<-oA$oA<-iA, oB<-iB
                                                                          • API String ID: 0-1392096897
                                                                          APIs
                                                                          • CreateWaitableTimerA.KERNEL32 ref: 6C98B107
                                                                          • SetWaitableTimer.KERNEL32(00000000,FFFFFC18,00000000,00000000,00000000,00000000), ref: 6C98B119
                                                                          • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 6C98B11E
                                                                          • CloseHandle.KERNEL32(00000000), ref: 6C98B121
                                                                          Strings
                                                                          • Unable to allocate buffer for libusb control transfer. Error: %d., xrefs: 6C98AFE7
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          Similarity
                                                                          • API ID: TimerWaitable$CloseCreateHandleObjectSingleWait
                                                                          • String ID: Unable to allocate buffer for libusb control transfer. Error: %d.
                                                                          • API String ID: 2650818659-1202466364
                                                                          APIs
                                                                            • Part of subcall function 6C961E40: InitializeCriticalSection.KERNEL32(000000AC,00000000,00000000,00000055,?), ref: 6C961E74
                                                                          • CreateWaitableTimerA.KERNEL32 ref: 6C98AE46
                                                                          • SetWaitableTimer.KERNEL32(00000000,FFFFFC18,00000000,00000000,00000000,00000000), ref: 6C98AE58
                                                                          • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 6C98AE5D
                                                                          • CloseHandle.KERNEL32(00000000), ref: 6C98AE60
                                                                            • Part of subcall function 6C98A8C0: caerLogVAFull.LIB_HELP(00000002,00000000,?,00000002,00000002,6C98AFF7,00000002,?,Unable to allocate buffer for libusb control transfer. Error: %d.,00000000,00000000,00000000,00000055,?), ref: 6C98A8E7
                                                                            • Part of subcall function 6C961E90: DeleteCriticalSection.KERNEL32(6C98AFE4,00000000,?,6C98B000,00000000,00000000,00000000,00000000), ref: 6C961ED3
                                                                          Strings
                                                                          • Unable to allocate buffer for libusb control transfer. Error: %d., xrefs: 6C98AD36
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          Similarity
                                                                          • API ID: CriticalSectionTimerWaitable$CloseCreateDeleteFullHandleInitializeObjectSingleWaitcaer
                                                                          • String ID: Unable to allocate buffer for libusb control transfer. Error: %d.
                                                                          • API String ID: 2590643628-1202466364
                                                                          APIs
                                                                          • VirtualQuery.KERNEL32(?,?,0000001C,00000000,6CEB8EAA), ref: 6CEB8D2F
                                                                          • GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 6CEB8D53
                                                                          • GetModuleFileNameW.KERNEL32(MZP,?,00000105), ref: 6CEB8D6E
                                                                          • LoadStringW.USER32(00000000,0000FFED,?,00000100), ref: 6CEB8E09
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164882381.000000006CE94000.00000080.00000001.01000000.0000000C.sdmp, Offset: 6CE90000, based on PE: true
                                                                          Similarity
                                                                          • API ID: FileModuleName$LoadQueryStringVirtual
                                                                          • String ID: MZP
                                                                          • API String ID: 3990497365-2889622443
                                                                          APIs
                                                                          • caerLog.LIB_HELP(00000002,EventPacket Container,Called caerEventPacketContainerSetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!,00000001,?,?), ref: 6C97AF2D
                                                                          • caerLog.LIB_HELP(00000002,EventPacket Container,Called caerEventPacketContainerSetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!,00000000,?,?), ref: 6C97AF87
                                                                          • caerLog.LIB_HELP(00000002,EventPacket Container,Called caerEventPacketContainerSetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!,00000002,?,?), ref: 6C97AFE2
                                                                            • Part of subcall function 6C9721A0: caerLog.LIB_HELP(00000002,Generic Event,Called caerGenericEventGetEvent() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!,00000000,?), ref: 6C97221D
                                                                            • Part of subcall function 6C9721A0: caerLog.LIB_HELP(00000002,Generic Event,Called caerGenericEventGetEvent() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!,?,?), ref: 6C972275
                                                                            • Part of subcall function 6C9721A0: caerLog.LIB_HELP(00000002,EventPacket Container,Called caerEventPacketContainerGetEventPacketConst() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!,00000000,?), ref: 6C972321
                                                                          Strings
                                                                          • EventPacket Container, xrefs: 6C97AF26, 6C97AF80, 6C97AFDB
                                                                          • Called caerEventPacketContainerSetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!, xrefs: 6C97AF21, 6C97AF7B, 6C97AFD6
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          Similarity
                                                                          • API ID: caer
                                                                          • String ID: Called caerEventPacketContainerSetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!$EventPacket Container
                                                                          • API String ID: 3879971092-3411333834
                                                                          APIs
                                                                          • caerLog.LIB_HELP(00000002,EventPacket Container,Called caerEventPacketContainerSetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!,00000001,?,?), ref: 6C9759ED
                                                                          • caerLog.LIB_HELP(00000002,EventPacket Container,Called caerEventPacketContainerSetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!,00000000,?,?), ref: 6C975A47
                                                                          • caerLog.LIB_HELP(00000002,EventPacket Container,Called caerEventPacketContainerSetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!,00000002,?,?), ref: 6C975AA2
                                                                            • Part of subcall function 6C9721A0: caerLog.LIB_HELP(00000002,Generic Event,Called caerGenericEventGetEvent() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!,00000000,?), ref: 6C97221D
                                                                            • Part of subcall function 6C9721A0: caerLog.LIB_HELP(00000002,Generic Event,Called caerGenericEventGetEvent() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!,?,?), ref: 6C972275
                                                                            • Part of subcall function 6C9721A0: caerLog.LIB_HELP(00000002,EventPacket Container,Called caerEventPacketContainerGetEventPacketConst() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!,00000000,?), ref: 6C972321
                                                                          Strings
                                                                          • EventPacket Container, xrefs: 6C9759E6, 6C975A40, 6C975A9B
                                                                          • Called caerEventPacketContainerSetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!, xrefs: 6C9759E1, 6C975A3B, 6C975A96
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          Similarity
                                                                          • API ID: caer
                                                                          • String ID: Called caerEventPacketContainerSetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!$EventPacket Container
                                                                          • API String ID: 3879971092-3411333834
                                                                          APIs
                                                                          • CreateWaitableTimerA.KERNEL32 ref: 6C98ABDF
                                                                          • SetWaitableTimer.KERNEL32(00000000,FFFFD8F0,00000000,00000000,00000000,00000000), ref: 6C98ABF5
                                                                          • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 6C98ABFE
                                                                          • CloseHandle.KERNEL32(00000000), ref: 6C98AC05
                                                                            • Part of subcall function 6C962360: EnterCriticalSection.KERNEL32(?,000F4297,00000000,?,76ECE820), ref: 6C962393
                                                                            • Part of subcall function 6C962360: LeaveCriticalSection.KERNEL32(?), ref: 6C9623D6
                                                                            • Part of subcall function 6C98A8C0: caerLogVAFull.LIB_HELP(00000002,00000000,?,00000002,00000002,6C98AFF7,00000002,?,Unable to allocate buffer for libusb control transfer. Error: %d.,00000000,00000000,00000000,00000055,?), ref: 6C98A8E7
                                                                          Strings
                                                                          • Unable to cancel libusb transfer %zu. Error: %s (%d)., xrefs: 6C98ABB3
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          Similarity
                                                                          • API ID: CriticalSectionTimerWaitable$CloseCreateEnterFullHandleLeaveObjectSingleWaitcaer
                                                                          • String ID: Unable to cancel libusb transfer %zu. Error: %s (%d).
                                                                          • API String ID: 3421922295-2704591488
                                                                          APIs
                                                                            • Part of subcall function 6C967600: QueryPerformanceFrequency.KERNEL32(?,00000000,unknown,?,6C98B0C6,?,?,?,?,?,6C965EDD,00000000,-00000058,00000000), ref: 6C967620
                                                                            • Part of subcall function 6C967600: __aulldiv.LIBCMT ref: 6C967645
                                                                            • Part of subcall function 6C967600: QueryPerformanceCounter.KERNEL32(?,00000000,unknown,?,6C98B0C6,?,?,?,?,?,6C965EDD,00000000,-00000058,00000000), ref: 6C96765A
                                                                            • Part of subcall function 6C967600: __aulldiv.LIBCMT ref: 6C967678
                                                                            • Part of subcall function 6C967600: __aullrem.LIBCMT ref: 6C96768B
                                                                          • GetSystemTimeAsFileTime.KERNEL32(?,-00000040,00000002,?,?,?,?,?,?,?,?,?,?,?,?,00000006), ref: 6C96621D
                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C96623D
                                                                          • SetWaitableTimer.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00989680,00000000,?,?,00000064,00000000,?,?), ref: 6C96627D
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: PerformanceQueryTime__aulldiv$CounterFileFrequencySystemTimerUnothrow_t@std@@@Waitable__aullrem__ehfuncinfo$??2@
                                                                          • String ID: SetWaitableTimer failed: %s$usbi_arm_timer
                                                                          • API String ID: 1767681579-2933612206
                                                                          • Opcode ID: b0503e977098bc9c3ded89b42ff3278f19589f445016ff12052af6d4cef985d1
                                                                          • Instruction ID: f3a4bfb802ce3742409a9dc9af40a6856609e7d10744d2d52b6d8de8f97c3749
                                                                          • Opcode Fuzzy Hash: b0503e977098bc9c3ded89b42ff3278f19589f445016ff12052af6d4cef985d1
                                                                          • Instruction Fuzzy Hash: A22191B2608304AFD310DE69DD41F5BB7E8EB84718F000A2DF989E7B80D631E904CB92
                                                                          APIs
                                                                          • caerLog.LIB_HELP(00000002,Event Packet,Called caerEventPacketGrow() with a new capacity value (%i) that is equal or smaller than the old one (%i). Only strictly growing an event packet is supported!,?,?), ref: 6C97C45F
                                                                            • Part of subcall function 6C971B50: caerLogVAFull.LIB_HELP(?,?,?,?,?), ref: 6C971B69
                                                                          • caerLog.LIB_HELP(00000002,Event Packet,Failed to reallocate %zu bytes of memory for growing Event Packet of capacity %i to new capacity of %i. Error: %d.,?,?,?,00000000), ref: 6C97C4A3
                                                                          Strings
                                                                          • Called caerEventPacketGrow() with a new capacity value (%i) that is equal or smaller than the old one (%i). Only strictly growing an event packet is supported!, xrefs: 6C97C453
                                                                          • Failed to reallocate %zu bytes of memory for growing Event Packet of capacity %i to new capacity of %i. Error: %d., xrefs: 6C97C497
                                                                          • Event Packet, xrefs: 6C97C458, 6C97C49C
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer$Full
                                                                          • String ID: Called caerEventPacketGrow() with a new capacity value (%i) that is equal or smaller than the old one (%i). Only strictly growing an event packet is supported!$Event Packet$Failed to reallocate %zu bytes of memory for growing Event Packet of capacity %i to new capacity of %i. Error: %d.
                                                                          • API String ID: 1435167524-490542459
                                                                          • Opcode ID: 409dcdf37bb601505e89fde1318f0eee48a86b38a1b0ccc7b8c1ec86fe2e4002
                                                                          • Instruction ID: a31591a3920cac07012b71aa232c91f3e146c1fa241af55dc6587738ffd0a9ef
                                                                          • Opcode Fuzzy Hash: 409dcdf37bb601505e89fde1318f0eee48a86b38a1b0ccc7b8c1ec86fe2e4002
                                                                          • Instruction Fuzzy Hash: 941159727062203BD7107A69BC45EEBBB8CDFD2A68F0504A9F504E7B46F220DC0582F1
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4160697580.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000008.00000002.4160671373.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160860251.0000000000600000.00000008.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000647000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.000000000064C000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000654000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000676000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000678000.00000040.00000001.01000000.00000005.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_400000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: 333D01$333D02$333D04$485B39$633A01$MB63 $SDC011
                                                                          • API String ID: 0-3177532409
                                                                          • Opcode ID: 4a32e3c03e1ea6d8faa088ab24b4c6a839ac9d45965f6d01b7f927d2640ec8ed
                                                                          • Instruction ID: f580ed84c8347ddacb894d232a32333d682a22d51229c9fd06c8f250b900b2a3
                                                                          • Opcode Fuzzy Hash: 4a32e3c03e1ea6d8faa088ab24b4c6a839ac9d45965f6d01b7f927d2640ec8ed
                                                                          • Instruction Fuzzy Hash: 5111C0345482C387F64CDF12CD1ABA67F99FBA0768F110D2C6892932E5DBA4C84986D2
                                                                          APIs
                                                                          • Sleep.KERNEL32(00000001,6CF7ECE0,6CE98E6F), ref: 6CE98AAB
                                                                          • Sleep.KERNEL32(00000000,6CF7ECE0,6CE98E6F), ref: 6CE98ACE
                                                                          • SwitchToThread.KERNEL32(6CF7ECE0,6CE98E6F), ref: 6CE98AD5
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164882381.000000006CE94000.00000080.00000001.01000000.0000000C.sdmp, Offset: 6CE90000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164829790.000000006CE90000.00000002.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4164858981.000000006CE91000.00000040.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4164984313.000000006CF76000.00000020.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165012582.000000006CF77000.00000004.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165042277.000000006CF78000.00000008.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165076360.000000006CF79000.00000004.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165107134.000000006CF7B000.00000008.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165135771.000000006CF7C000.00000004.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165170116.000000006CF81000.00000004.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165202597.000000006CF85000.00000002.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165202597.000000006CF87000.00000002.00000001.01000000.0000000C.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6ce90000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: Sleep$SwitchThread
                                                                          • String ID: gfff$gfff
                                                                          • API String ID: 695535604-3084402119
                                                                          • Opcode ID: 713bf0f0199e4a7381a13ec93e9e43927af8706901e76edbff201229e15ae11f
                                                                          • Instruction ID: 44eb3f17e08419f722353ba9d09c02abdccdf0c2aa9fd849f4b2d1d615b632d2
                                                                          • Opcode Fuzzy Hash: 713bf0f0199e4a7381a13ec93e9e43927af8706901e76edbff201229e15ae11f
                                                                          • Instruction Fuzzy Hash: 6C018D707043508FD7BC997DA850758B1B2A783319F788727D906CEF95D7E498468283
                                                                          APIs
                                                                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,7661A3ED,00000000,?,00000000,6C9AED04,000000FF,?,6C995E59,?,?,6C995E2D,00000000), ref: 6C995EF4
                                                                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 6C995F06
                                                                          • FreeLibrary.KERNEL32(00000000,?,00000000,6C9AED04,000000FF,?,6C995E59,?,?,6C995E2D,00000000), ref: 6C995F28
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                                          • String ID: CorExitProcess$mscoree.dll
                                                                          • API String ID: 4061214504-1276376045
                                                                          • Opcode ID: 58f51aef74b6d17b4b1a6e2f352a446bff9dbd3633a11617a9375d4811a8b00f
                                                                          • Instruction ID: 3b5dafbdabcfcf4e31cf770a2324e0d2fdfe5edced42305c127187b1a9fc9a50
                                                                          • Opcode Fuzzy Hash: 58f51aef74b6d17b4b1a6e2f352a446bff9dbd3633a11617a9375d4811a8b00f
                                                                          • Instruction Fuzzy Hash: CF01A271A08659FFDF018B50CD08FAFBBB8FB45725F140625E826A2680DB74DA00CB94
                                                                          APIs
                                                                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,6C9E1B75,00000000,?,6C9E1B15,00000000,6C9FA1D0,0000000C,6C9E1C5D,00000000,00000002), ref: 6C9E1BE4
                                                                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 6C9E1BF7
                                                                          • FreeLibrary.KERNEL32(00000000,?,?,?,6C9E1B75,00000000,?,6C9E1B15,00000000,6C9FA1D0,0000000C,6C9E1C5D,00000000,00000002), ref: 6C9E1C1A
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164606236.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164577047.000000006C9D0000.00000002.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164639828.000000006C9ED000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164670106.000000006C9F5000.00000008.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9F9000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9FC000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA00000.00000040.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA27000.00000040.00000001.01000000.00000009.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                                          • String ID: CorExitProcess$mscoree.dll
                                                                          • API String ID: 4061214504-1276376045
                                                                          • Opcode ID: 81fd7f1dba621076b08b8b129956e999d9c846312e39a6e2ff2abd8a1036b891
                                                                          • Instruction ID: 001fca41f89cc92e06bb775a33db3afb7cae6c2349b4125a2f366f2f77791c88
                                                                          • Opcode Fuzzy Hash: 81fd7f1dba621076b08b8b129956e999d9c846312e39a6e2ff2abd8a1036b891
                                                                          • Instruction Fuzzy Hash: 69F0A431604108BBDF059F90C808B9DBFB8EF5A215F200058F815A2640DB31DE91CB90
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4160697580.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000008.00000002.4160671373.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160860251.0000000000600000.00000008.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000647000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.000000000064C000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000654000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000676000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000678000.00000040.00000001.01000000.00000005.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_400000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: cm/s$dBSPL$dm/s$i/s$m/s$mm/s
                                                                          • API String ID: 0-37439086
                                                                          • Opcode ID: 614a743ed2201b3d81b98541ef536dbdec2db126224105d6d35da20cc0f608eb
                                                                          • Instruction ID: 4b2f73ce6bc207004af123c46045de034db8be116ad1d21e70c979552167949d
                                                                          • Opcode Fuzzy Hash: 614a743ed2201b3d81b98541ef536dbdec2db126224105d6d35da20cc0f608eb
                                                                          • Instruction Fuzzy Hash: 410256311487C2DBD228EB25C855AAF7BDABFA4700F404D1EF1D652296DFB0A50DCA62
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4160697580.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000008.00000002.4160671373.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160860251.0000000000600000.00000008.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000647000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.000000000064C000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000654000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000676000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000678000.00000040.00000001.01000000.00000005.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_400000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: CAMP$IEPE$RME ADI-2 Pro$RME ADI-2/4 PRO SE$RTA$RTX6001
                                                                          • API String ID: 0-3628634157
                                                                          • Opcode ID: 6de62d6fe80dd4771a982d09c654f006ab7c9983c9da0268474cc7475b2ba09f
                                                                          • Instruction ID: f20b793d9303fb9504259a74d1099a5eea97327ae3802397f2e2c60fd660239f
                                                                          • Opcode Fuzzy Hash: 6de62d6fe80dd4771a982d09c654f006ab7c9983c9da0268474cc7475b2ba09f
                                                                          • Instruction Fuzzy Hash: 64D1B1B01083819FE318EF25DC86F6BBBE9BBD5704F001A1DF68597295DB749908CB22
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4160697580.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000008.00000002.4160671373.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160860251.0000000000600000.00000008.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000647000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.000000000064C000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000654000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000676000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000678000.00000040.00000001.01000000.00000005.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_400000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Nil$ 0~$%3.0fdBFS$%3.1fdBFS$%4.2fdBV$%4.2fdBu
                                                                          • API String ID: 0-2703390955
                                                                          • Opcode ID: 458e3ce64b6562787c02d6a6f6a85fdae54ea186b881c49e7bcf1e7692f7c825
                                                                          • Instruction ID: 44472ba299643d58ee76f592e2f1a404b7a65c3f63ee7cfe00a26711eb217c25
                                                                          • Opcode Fuzzy Hash: 458e3ce64b6562787c02d6a6f6a85fdae54ea186b881c49e7bcf1e7692f7c825
                                                                          • Instruction Fuzzy Hash: E4C14570248746EAE714EF60E948B9B7BB8FF90780F008A0DF4C5522D5EBB89559CB53
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4160697580.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000008.00000002.4160671373.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160860251.0000000000600000.00000008.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000647000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.000000000064C000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000654000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000676000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000678000.00000040.00000001.01000000.00000005.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_400000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Nil$ 0~$%3.0fdBFS$%3.1fdBFS$%4.2fdBV$%4.2fdBu
                                                                          • API String ID: 0-2703390955
                                                                          • Opcode ID: 750efb7b14dc04ff3cb1e966b215a8f5621f5b71939216f316c7fead832f1644
                                                                          • Instruction ID: 9d381713871eabf38b098d272db8fefcd974b68da556e66d72aac7d096c5e832
                                                                          • Opcode Fuzzy Hash: 750efb7b14dc04ff3cb1e966b215a8f5621f5b71939216f316c7fead832f1644
                                                                          • Instruction Fuzzy Hash: 21C13170644746EAE704EF20E949B9B7BB8FFC1780F004A0DF4C6522A1EB789599CB53
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4160697580.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000008.00000002.4160671373.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160860251.0000000000600000.00000008.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000647000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.000000000064C000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000654000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000676000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000678000.00000040.00000001.01000000.00000005.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_400000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: CAMP$IEPE$RME ADI-2 Pro$RME ADI-2/4 PRO SE$RTA$RTX6001
                                                                          • API String ID: 0-3628634157
                                                                          • Opcode ID: d53e3052309f06599b5be5bb8cdae326fb356738ffd18d662f4c46f15af2a45b
                                                                          • Instruction ID: cfea74455cc4ed279087fd0613daadf2e2b8b591ffd651399ee69fde96b8d60c
                                                                          • Opcode Fuzzy Hash: d53e3052309f06599b5be5bb8cdae326fb356738ffd18d662f4c46f15af2a45b
                                                                          • Instruction Fuzzy Hash: B8B1A370244381ABE308EB25DC86FAB7BEDFBD4704F00190DF595562D6DBB4E9088B62
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: ControlTransfer failed: %s$cannot set configuration other than the default one$will use interface %d$winusbx_submit_control_transfer
                                                                          • API String ID: 0-3306924512
                                                                          • Opcode ID: dcc4cb9ac947d9551c4a4a4602d0820cfce8cdb9dfaf3d28ef29425236313d19
                                                                          • Instruction ID: fcd6f753bc9406090a5555975dbb52fbdbec0decafea2f899601b8b5dceb8d78
                                                                          • Opcode Fuzzy Hash: dcc4cb9ac947d9551c4a4a4602d0820cfce8cdb9dfaf3d28ef29425236313d19
                                                                          • Instruction Fuzzy Hash: 1E71A3367042059BE700CF2ED880A6A77E4EB85328F20466AE968CBFD1D731D955C791
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164606236.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164577047.000000006C9D0000.00000002.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164639828.000000006C9ED000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164670106.000000006C9F5000.00000008.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9F9000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9FC000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA00000.00000040.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA27000.00000040.00000001.01000000.00000009.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: _free
                                                                          • String ID:
                                                                          • API String ID: 269201875-0
                                                                          • Opcode ID: 53dafd08422431c43b163e09c5c6e45e61c520a0d11ef8b34e9446607ff5940a
                                                                          • Instruction ID: 15d3fc2209ae2d1998033db1cd95520d839b758b2099dfdad66ce5cfd535d3c9
                                                                          • Opcode Fuzzy Hash: 53dafd08422431c43b163e09c5c6e45e61c520a0d11ef8b34e9446607ff5940a
                                                                          • Instruction Fuzzy Hash: DF411572A00604DFDB15CF79C884A9DB3B5FF99718B1582A9D511EB780EB30E902CB80
                                                                          APIs
                                                                          • GetEnvironmentStringsW.KERNEL32 ref: 6C9E75E3
                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6C9E7606
                                                                            • Part of subcall function 6C9E2D2F: RtlAllocateHeap.NTDLL(00000000,6C9D50A5,00000000), ref: 6C9E2D61
                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 6C9E762C
                                                                          • _free.LIBCMT ref: 6C9E763F
                                                                          • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 6C9E764E
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164606236.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164577047.000000006C9D0000.00000002.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164639828.000000006C9ED000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164670106.000000006C9F5000.00000008.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9F9000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9FC000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA00000.00000040.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA27000.00000040.00000001.01000000.00000009.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                          • String ID:
                                                                          • API String ID: 336800556-0
                                                                          • Opcode ID: d6caddcd3ec082704dc2e00d0541b5401027ca1925b2e3c79c56444cadeb5971
                                                                          • Instruction ID: 48ffc150c0823789d290fc14506254944428d7be7bccd43c7e40e9501997381e
                                                                          • Opcode Fuzzy Hash: d6caddcd3ec082704dc2e00d0541b5401027ca1925b2e3c79c56444cadeb5971
                                                                          • Instruction Fuzzy Hash: D901B1B3602615BB271315BE5C8CC7B2A7DDFFFEA93250129F914CA641EE61CC0281B6
                                                                          APIs
                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C9655A9
                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 6C9655C3
                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 6C9655F7
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalSection$Leave$Enter
                                                                          • String ID: interface %d$libusb_release_interface
                                                                          • API String ID: 2978645861-3434839606
                                                                          • Opcode ID: b218996d3abe75327f09184f9117b0e253f8638e4bbc6c66cdc5f28d3d370b01
                                                                          • Instruction ID: f2506086846bf0eb9a68c0424f97ac88d6798a41fdb110c1170baa27f4b40f31
                                                                          • Opcode Fuzzy Hash: b218996d3abe75327f09184f9117b0e253f8638e4bbc6c66cdc5f28d3d370b01
                                                                          • Instruction Fuzzy Hash: 17112936309710AFE3509A5EDD84D4BB3F9AFEA324B110729F945C7B92C620EC44C790
                                                                          APIs
                                                                          • GetLastError.KERNEL32(6C9D50A5,6C9D50A5,00000002,6C9E0F4B,6C9E2D72,00000000,?,6C9D6B8F,00000002,00000000,6C9D23BE,?,?,6C9D2303,6C9D50A5,00000004), ref: 6C9E2C2F
                                                                          • _free.LIBCMT ref: 6C9E2C64
                                                                          • _free.LIBCMT ref: 6C9E2C8B
                                                                          • SetLastError.KERNEL32(00000000,?,6C9D50A5), ref: 6C9E2C98
                                                                          • SetLastError.KERNEL32(00000000,?,6C9D50A5), ref: 6C9E2CA1
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164606236.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164577047.000000006C9D0000.00000002.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164639828.000000006C9ED000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164670106.000000006C9F5000.00000008.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9F9000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9FC000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA00000.00000040.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA27000.00000040.00000001.01000000.00000009.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLast$_free
                                                                          • String ID:
                                                                          • API String ID: 3170660625-0
                                                                          • Opcode ID: ed3ec4b0adb76f85c6644a488582286055fb5d8378170771229e5862e7907a01
                                                                          • Instruction ID: 4546af1edcf5acf3541c823318d9bbe4a48508e2042a5de46939bb03b53bebf8
                                                                          • Opcode Fuzzy Hash: ed3ec4b0adb76f85c6644a488582286055fb5d8378170771229e5862e7907a01
                                                                          • Instruction Fuzzy Hash: 56018676249E02AB93031675DD8CA4B27BDAFFE7A97250169F915D2B40EF71C4064160
                                                                          APIs
                                                                          • _free.LIBCMT ref: 6C9E91BB
                                                                            • Part of subcall function 6C9E2CF5: HeapFree.KERNEL32(00000000,00000000,?,6C9E923A,?,00000000,?,00000000,?,6C9E9261,?,00000007,?,?,6C9E7A4B,?), ref: 6C9E2D0B
                                                                            • Part of subcall function 6C9E2CF5: GetLastError.KERNEL32(?,?,6C9E923A,?,00000000,?,00000000,?,6C9E9261,?,00000007,?,?,6C9E7A4B,?,?), ref: 6C9E2D1D
                                                                          • _free.LIBCMT ref: 6C9E91CD
                                                                          • _free.LIBCMT ref: 6C9E91DF
                                                                          • _free.LIBCMT ref: 6C9E91F1
                                                                          • _free.LIBCMT ref: 6C9E9203
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164606236.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164577047.000000006C9D0000.00000002.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164639828.000000006C9ED000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164670106.000000006C9F5000.00000008.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9F9000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9FC000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA00000.00000040.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA27000.00000040.00000001.01000000.00000009.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                          • String ID:
                                                                          • API String ID: 776569668-0
                                                                          • Opcode ID: 40df4ebcd9c3b32e253489e22f744494619acfbdf7e49c9626a19114c6b0fab8
                                                                          • Instruction ID: 1820997202987bbe1d99f8a1b7938958ba4b4bd14155263f385e56ec59917504
                                                                          • Opcode Fuzzy Hash: 40df4ebcd9c3b32e253489e22f744494619acfbdf7e49c9626a19114c6b0fab8
                                                                          • Instruction Fuzzy Hash: A7F04F31605604DB9B12DA58F188C9B33FDBF7D7587714805F56AD7E00CB30F9819690
                                                                          APIs
                                                                          • _free.LIBCMT ref: 6C9E260D
                                                                            • Part of subcall function 6C9E2CF5: HeapFree.KERNEL32(00000000,00000000,?,6C9E923A,?,00000000,?,00000000,?,6C9E9261,?,00000007,?,?,6C9E7A4B,?), ref: 6C9E2D0B
                                                                            • Part of subcall function 6C9E2CF5: GetLastError.KERNEL32(?,?,6C9E923A,?,00000000,?,00000000,?,6C9E9261,?,00000007,?,?,6C9E7A4B,?,?), ref: 6C9E2D1D
                                                                          • _free.LIBCMT ref: 6C9E261F
                                                                          • _free.LIBCMT ref: 6C9E2632
                                                                          • _free.LIBCMT ref: 6C9E2643
                                                                          • _free.LIBCMT ref: 6C9E2654
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164606236.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164577047.000000006C9D0000.00000002.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164639828.000000006C9ED000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164670106.000000006C9F5000.00000008.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9F9000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9FC000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA00000.00000040.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA27000.00000040.00000001.01000000.00000009.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                          • String ID:
                                                                          • API String ID: 776569668-0
                                                                          • Opcode ID: c7cf107dab03f0f42e4715bc3b583a546921dfab7bac92c0879c96f5a2367a4e
                                                                          • Instruction ID: b7ab889a060e06a33c75a1f501f5b0148d4d938998c1fd6b3890f53d44234730
                                                                          • Opcode Fuzzy Hash: c7cf107dab03f0f42e4715bc3b583a546921dfab7bac92c0879c96f5a2367a4e
                                                                          • Instruction Fuzzy Hash: 32F01DB2609A168B9F126F24F4084483BB4FB3EA6C321468AF935D7B50DBB09405AFC1
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: __freea
                                                                          • String ID: a/p$am/pm
                                                                          • API String ID: 240046367-3206640213
                                                                          • Opcode ID: 780cd3b01a493107789687b7d8f04b771a99f20188a694ce2ba81fb62f034948
                                                                          • Instruction ID: 21785bfe4abbcbd2c189e4797ce2bff65fe71f08ea126e161c43bbba3c25fe28
                                                                          • Opcode Fuzzy Hash: 780cd3b01a493107789687b7d8f04b771a99f20188a694ce2ba81fb62f034948
                                                                          • Instruction Fuzzy Hash: D9C1E030905A06DFCB048FEAC8ACBAA77B9FF56708F604159E918ABE54D731C943CB51
                                                                          APIs
                                                                          • caerLog.LIB_HELP(00000002,EventPacket Container,Called caerEventPacketContainerGetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!,00000000,?), ref: 6C978F6F
                                                                          Strings
                                                                          • Called caerEventPacketContainerGetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!, xrefs: 6C978F63
                                                                          • EventPacket Container, xrefs: 6C978F68
                                                                          • u'j, xrefs: 6C978ED5
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer
                                                                          • String ID: Called caerEventPacketContainerGetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!$EventPacket Container$u'j
                                                                          • API String ID: 3879971092-1765039177
                                                                          • Opcode ID: 25bbf5f35d9343859785dc13ee368a2c2cb71f67fc69e2c842d6f35482da9fc3
                                                                          • Instruction ID: fdebbd812e7cce692b8b006f50c31c09041898fc4dbf51776af30158224d061a
                                                                          • Opcode Fuzzy Hash: 25bbf5f35d9343859785dc13ee368a2c2cb71f67fc69e2c842d6f35482da9fc3
                                                                          • Instruction Fuzzy Hash: DE41F871A82B0576F7329A109C02FDB36599F71B0CF140411FA087EAD0EBB4F66546FA
                                                                          APIs
                                                                          • __EH_prolog3_GS.LIBCMT ref: 6C9D428F
                                                                            • Part of subcall function 6C9D1809: GetDlgItemTextA.USER32(00050056,?,00000000,?), ref: 6C9D185B
                                                                            • Part of subcall function 6C9D2054: __EH_prolog3.LIBCMT ref: 6C9D205B
                                                                            • Part of subcall function 6C9D111E: _Deallocate.LIBCONCRT ref: 6C9D112D
                                                                          • lstrcpy.KERNEL32(00661867,?), ref: 6C9D43DE
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164606236.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164577047.000000006C9D0000.00000002.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164639828.000000006C9ED000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164670106.000000006C9F5000.00000008.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9F9000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9FC000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA00000.00000040.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA27000.00000040.00000001.01000000.00000009.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: DeallocateH_prolog3H_prolog3_ItemTextlstrcpy
                                                                          • String ID: #$%08X-%08X-%08X-%08X
                                                                          • API String ID: 918937283-1745745807
                                                                          • Opcode ID: cd5d3cc605ca067ac76a7d5a8929d64facb4662cc2723882f0588edf9bc4b83c
                                                                          • Instruction ID: 8a8002ef169ff3e0363af2b4174ab3c2a8c70bd0e6e2d18ba0d7b29cc450124a
                                                                          • Opcode Fuzzy Hash: cd5d3cc605ca067ac76a7d5a8929d64facb4662cc2723882f0588edf9bc4b83c
                                                                          • Instruction Fuzzy Hash: 664128B2E046049FDB10DFA8C854ADD7BB8AF36318F494565D001BBA41E730FA89CB61
                                                                          APIs
                                                                          • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe,00000104), ref: 6C9E1CA8
                                                                          • _free.LIBCMT ref: 6C9E1D73
                                                                          • _free.LIBCMT ref: 6C9E1D7D
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164606236.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164577047.000000006C9D0000.00000002.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164639828.000000006C9ED000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164670106.000000006C9F5000.00000008.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9F9000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9FC000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA00000.00000040.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA27000.00000040.00000001.01000000.00000009.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: _free$FileModuleName
                                                                          • String ID: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                          • API String ID: 2506810119-698041861
                                                                          • Opcode ID: be1b76d58d4f985f767143daf40bf4589293e54f92ea21ae1d29baf6b3b58e0a
                                                                          • Instruction ID: 960e2cb5014272de8f75c90f3546ecdcd006bdb3b4e931ce800f55125a470e31
                                                                          • Opcode Fuzzy Hash: be1b76d58d4f985f767143daf40bf4589293e54f92ea21ae1d29baf6b3b58e0a
                                                                          • Instruction Fuzzy Hash: 02315271A04658EFDB128F99D8849DEBBFCEFAA714B204056E814DB701D770CA85CB51
                                                                          APIs
                                                                          • GetThreadLocale.KERNEL32(00000004,?,00000000,?,00000200,00000000,6CEB4C03), ref: 6CEB4BA6
                                                                          • GetDateFormatW.KERNEL32(00000000,00000004,?,00000000,?,00000200,00000000,6CEB4C03), ref: 6CEB4BAC
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164882381.000000006CE94000.00000080.00000001.01000000.0000000C.sdmp, Offset: 6CE90000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164829790.000000006CE90000.00000002.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4164858981.000000006CE91000.00000040.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4164984313.000000006CF76000.00000020.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165012582.000000006CF77000.00000004.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165042277.000000006CF78000.00000008.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165076360.000000006CF79000.00000004.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165107134.000000006CF7B000.00000008.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165135771.000000006CF7C000.00000004.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165170116.000000006CF81000.00000004.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165202597.000000006CF85000.00000002.00000001.01000000.0000000C.sdmp
                                                                          • Associated: 00000008.00000002.4165202597.000000006CF87000.00000002.00000001.01000000.0000000C.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6ce90000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: DateFormatLocaleThread
                                                                          • String ID: $yyyy
                                                                          • API String ID: 3303714858-404527807
                                                                          • Opcode ID: 85f42a61da98a91095be9b220fbe826018cc644fbd84b619c2ab8379e37f0cad
                                                                          • Instruction ID: 48ddce15c45172f81e928f279c0bcfa7f65eb889fad87753cc0bb7450ea57136
                                                                          • Opcode Fuzzy Hash: 85f42a61da98a91095be9b220fbe826018cc644fbd84b619c2ab8379e37f0cad
                                                                          • Instruction Fuzzy Hash: 54218135A445189FD701DF94CAC1AAEB3B8EF09704B2144AAF904FB740D730AE04C7A1
                                                                          APIs
                                                                          • caerLog.LIB_HELP(00000002,EventPacket Container,Called caerEventPacketContainerSetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!,00000001,?), ref: 6C97FB7D
                                                                          • caerLog.LIB_HELP(00000002,EventPacket Container,Called caerEventPacketContainerSetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!,00000000,?), ref: 6C97FBD7
                                                                            • Part of subcall function 6C9721A0: caerLog.LIB_HELP(00000002,Generic Event,Called caerGenericEventGetEvent() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!,00000000,?), ref: 6C97221D
                                                                            • Part of subcall function 6C9721A0: caerLog.LIB_HELP(00000002,Generic Event,Called caerGenericEventGetEvent() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!,?,?), ref: 6C972275
                                                                            • Part of subcall function 6C9721A0: caerLog.LIB_HELP(00000002,EventPacket Container,Called caerEventPacketContainerGetEventPacketConst() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!,00000000,?), ref: 6C972321
                                                                          Strings
                                                                          • EventPacket Container, xrefs: 6C97FB76, 6C97FBD0
                                                                          • Called caerEventPacketContainerSetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!, xrefs: 6C97FB71, 6C97FBCB
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer
                                                                          • String ID: Called caerEventPacketContainerSetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!$EventPacket Container
                                                                          • API String ID: 3879971092-3411333834
                                                                          • Opcode ID: f3492fda500c0f889c4229eb079e57e25845e2a3637e3a676c4e10176bde6a22
                                                                          • Instruction ID: 9c7c033a80a20c2682b0bda676274b4bf86d7d70109912ea95b6d6a47fa255a1
                                                                          • Opcode Fuzzy Hash: f3492fda500c0f889c4229eb079e57e25845e2a3637e3a676c4e10176bde6a22
                                                                          • Instruction Fuzzy Hash: 792179F1A126409BFB20CF24DC65FA773DCAB6124CF100868E85EA7B81E731E508C671
                                                                          APIs
                                                                          • caerLog.LIB_HELP(00000002,EventPacket Container,Called caerEventPacketContainerSetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!,00000001,?,?), ref: 6C97E34D
                                                                          • caerLog.LIB_HELP(00000002,EventPacket Container,Called caerEventPacketContainerSetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!,00000000,?,?), ref: 6C97E3A7
                                                                            • Part of subcall function 6C9721A0: caerLog.LIB_HELP(00000002,Generic Event,Called caerGenericEventGetEvent() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!,00000000,?), ref: 6C97221D
                                                                            • Part of subcall function 6C9721A0: caerLog.LIB_HELP(00000002,Generic Event,Called caerGenericEventGetEvent() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!,?,?), ref: 6C972275
                                                                            • Part of subcall function 6C9721A0: caerLog.LIB_HELP(00000002,EventPacket Container,Called caerEventPacketContainerGetEventPacketConst() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!,00000000,?), ref: 6C972321
                                                                          Strings
                                                                          • EventPacket Container, xrefs: 6C97E346, 6C97E3A0
                                                                          • Called caerEventPacketContainerSetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!, xrefs: 6C97E341, 6C97E39B
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer
                                                                          • String ID: Called caerEventPacketContainerSetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!$EventPacket Container
                                                                          • API String ID: 3879971092-3411333834
                                                                          • Opcode ID: cc8d94bbee0b7e024972f4ae9b355828039264383feb5a0e5139b396047bfb94
                                                                          • Instruction ID: 3ff290fbc365d4eaa5734a2acc0bd1716d97799f24993dca626ff81f503c5c56
                                                                          • Opcode Fuzzy Hash: cc8d94bbee0b7e024972f4ae9b355828039264383feb5a0e5139b396047bfb94
                                                                          • Instruction Fuzzy Hash: DA214CF5A027009FF760DE24A845F97739CAB21608F544428E499D7F91EB31E50887A2
                                                                          APIs
                                                                          • CreateIoCompletionPort.KERNEL32(00000000,?,?,00000000), ref: 6C971107
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: CompletionCreatePort
                                                                          • String ID: Redirector startup failed$failed to associate handle to I/O completion port: %s$usbdk_open
                                                                          • API String ID: 499945625-531262013
                                                                          • Opcode ID: b05d5294f395838d23c6c5e7b9868c26e71ad3447a7e914cb2a2bac0de92673f
                                                                          • Instruction ID: 982ffd798c2d2674a6a149373134628049534f24f08336c8bca63288827913c1
                                                                          • Opcode Fuzzy Hash: b05d5294f395838d23c6c5e7b9868c26e71ad3447a7e914cb2a2bac0de92673f
                                                                          • Instruction Fuzzy Hash: EA11C2B1301300ABDB115F399D88FCF7BA8AF46329F500929F52AD76C0C331E5149B95
                                                                          APIs
                                                                          • PostQueuedCompletionStatus.KERNEL32(?,?,?,?,?,?,?,?,?,6C96D16B), ref: 6C966739
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: CompletionPostQueuedStatus
                                                                          • String ID: failed to post I/O completion: %s$transfer %p, length %lu$windows_force_sync_completion
                                                                          • API String ID: 2005739868-1595802685
                                                                          • Opcode ID: 62edb518e296b1964fb5010ed101f937de7f210ff88e2c39c070746ad88b6eec
                                                                          • Instruction ID: dbb0131a962175a1624d4d3b7789b70fede1fd7598b9f10b3671914416bace64
                                                                          • Opcode Fuzzy Hash: 62edb518e296b1964fb5010ed101f937de7f210ff88e2c39c070746ad88b6eec
                                                                          • Instruction Fuzzy Hash: C601B5B5305204BAFB101E669D84E5BB76CEB95B5CF210058F505E7D81D731DD11C6A0
                                                                          APIs
                                                                          • CancelIoEx.KERNEL32(?,?,?,000F423F,6C9623A8,?), ref: 6C96735B
                                                                          • GetLastError.KERNEL32 ref: 6C96736A
                                                                          Strings
                                                                          • cancellation not supported for this transfer's driver, xrefs: 6C9673A3
                                                                          • windows_cancel_transfer, xrefs: 6C9673A8
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: CancelErrorLast
                                                                          • String ID: cancellation not supported for this transfer's driver$windows_cancel_transfer
                                                                          • API String ID: 3969649707-1860133194
                                                                          • Opcode ID: e9759789184544049a70d7093c7eba66b51cb29406b54a319b4dedf04b124fa7
                                                                          • Instruction ID: 04b85063e4d2e88728b6f0fd4e6fc36e3f458b6a009a8d272223b3dbaaf11434
                                                                          • Opcode Fuzzy Hash: e9759789184544049a70d7093c7eba66b51cb29406b54a319b4dedf04b124fa7
                                                                          • Instruction Fuzzy Hash: B5018F72304101ABF7408A3FFE44E9B73E8AF8073571A0566F928C7EE0E720E8C28650
                                                                          APIs
                                                                          • lstrlen.KERNEL32(02459235), ref: 6C9D4E0D
                                                                          • lstrlen.KERNEL32(02459209), ref: 6C9D4E22
                                                                            • Part of subcall function 6C9D2382: LoadLibraryA.KERNEL32(02459235,?,?,?,?,?,6C9D4D45), ref: 6C9D2398
                                                                          • DialogBoxParamA.USER32(REMOVELIC,6C9D3E84,00000000), ref: 6C9D4E61
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164606236.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164577047.000000006C9D0000.00000002.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164639828.000000006C9ED000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164670106.000000006C9F5000.00000008.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9F9000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9FC000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA00000.00000040.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA27000.00000040.00000001.01000000.00000009.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: lstrlen$DialogLibraryLoadParam
                                                                          • String ID: REMOVELIC
                                                                          • API String ID: 1143393034-2893356913
                                                                          APIs
                                                                          • lstrlen.KERNEL32(02459235), ref: 6C9D4D92
                                                                          • lstrlen.KERNEL32(024591DD), ref: 6C9D4DA7
                                                                            • Part of subcall function 6C9D2382: LoadLibraryA.KERNEL32(02459235,?,?,?,?,?,6C9D4D45), ref: 6C9D2398
                                                                          • DialogBoxParamA.USER32(PASSWORDDLG,6C9D3CDC,00000000), ref: 6C9D4DE6
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164606236.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: lstrlen$DialogLibraryLoadParam
                                                                          • String ID: PASSWORDDLG
                                                                          • API String ID: 1143393034-2131313831
                                                                          APIs
                                                                          • lstrlen.KERNEL32(02459235), ref: 6C9D4E84
                                                                          • lstrlen.KERNEL32(024591F3), ref: 6C9D4E99
                                                                            • Part of subcall function 6C9D2382: LoadLibraryA.KERNEL32(02459235,?,?,?,?,?,6C9D4D45), ref: 6C9D2398
                                                                          • DialogBoxParamA.USER32(TRANSFERLIC,6C9D4038,00000000), ref: 6C9D4ED8
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164606236.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: lstrlen$DialogLibraryLoadParam
                                                                          • String ID: TRANSFERLIC
                                                                          • API String ID: 1143393034-1715082285
                                                                          APIs
                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,6C991933,00000000,?,00000001,?,?,?,6C991A22,00000001,FlsFree,6C9B41C8,FlsFree), ref: 6C99198F
                                                                          • GetLastError.KERNEL32(?,6C991933,00000000,?,00000001,?,?,?,6C991A22,00000001,FlsFree,6C9B41C8,FlsFree,00000000,?,6C990948), ref: 6C991999
                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 6C9919C1
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: LibraryLoad$ErrorLast
                                                                          • String ID: api-ms-
                                                                          • API String ID: 3177248105-2084034818
                                                                          APIs
                                                                          • GetConsoleOutputCP.KERNEL32(7661A3ED,00000000,00000000,?), ref: 6C994D6F
                                                                            • Part of subcall function 6C9A150C: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,6C9A44C1,?,00000000,-00000008), ref: 6C9A156D
                                                                          • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 6C994FC1
                                                                          • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 6C995007
                                                                          • GetLastError.KERNEL32 ref: 6C9950AA
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                          • String ID:
                                                                          • API String ID: 2112829910-0
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164606236.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: __alldvrm$_strrchr
                                                                          • String ID:
                                                                          • API String ID: 1036877536-0
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: AdjustPointer
                                                                          • String ID:
                                                                          • API String ID: 1740715915-0
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          APIs
                                                                          • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,6C9E0CEE,?,00000000,?,00000001,?,?,00000001,6C9E0CEE,00000000), ref: 6C9E50FE
                                                                          • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 6C9E5187
                                                                          • GetStringTypeW.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,6C9E0854,?), ref: 6C9E5199
                                                                          • __freea.LIBCMT ref: 6C9E51A2
                                                                            • Part of subcall function 6C9E2D2F: RtlAllocateHeap.NTDLL(00000000,6C9D50A5,00000000), ref: 6C9E2D61
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164606236.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                          • String ID:
                                                                          • API String ID: 2652629310-0
                                                                          APIs
                                                                          • CreateWaitableTimerA.KERNEL32(00000000,00000001,00000000), ref: 6C97361E
                                                                          • SetWaitableTimer.KERNEL32(00000000,FFFFD8F0,00000000,00000000,00000000,00000000), ref: 6C973630
                                                                          • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 6C973639
                                                                          • CloseHandle.KERNEL32(00000000), ref: 6C973640
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: TimerWaitable$CloseCreateHandleObjectSingleWait
                                                                          • String ID:
                                                                          • API String ID: 2650818659-0
                                                                          APIs
                                                                            • Part of subcall function 6C9A150C: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,6C9A44C1,?,00000000,-00000008), ref: 6C9A156D
                                                                          • GetLastError.KERNEL32 ref: 6C9A4D45
                                                                          • __dosmaperr.LIBCMT ref: 6C9A4D4C
                                                                          • GetLastError.KERNEL32(?,?,?,?), ref: 6C9A4D86
                                                                          • __dosmaperr.LIBCMT ref: 6C9A4D8D
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                                          • String ID:
                                                                          • API String ID: 1913693674-0
                                                                          • Opcode ID: 308e378efd4c5c731e74ce513a382ba2c464a2eda4c5aaf040ac89d3f45b6ea3
                                                                          • Instruction ID: 6a9040956f11cbd3df59f2265c48015a7cef741a0801a7b8659bc2e9ad3d6ccc
                                                                          • Opcode Fuzzy Hash: 308e378efd4c5c731e74ce513a382ba2c464a2eda4c5aaf040ac89d3f45b6ea3
                                                                          • Instruction Fuzzy Hash: 8321D171608605AFCB109FE6C88099BB7BDFF613697089628E91997E50DB30FC02CF90
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: a99c28eb2465a512daa351307af521481de59672e0ff551cbc9d62b923c76b9b
                                                                          • Instruction ID: fafb6aaf20b3be2d2f0b64bff339064e0b584dad1d8c9fe040a22857bc205dc2
                                                                          • Opcode Fuzzy Hash: a99c28eb2465a512daa351307af521481de59672e0ff551cbc9d62b923c76b9b
                                                                          • Instruction Fuzzy Hash: 2F21D171604605AFC7129F66C84099B77BDAF6176C71C4768F93997E40DB30EC008F54
                                                                          APIs
                                                                          • GetEnvironmentStringsW.KERNEL32 ref: 6C9A5C8A
                                                                            • Part of subcall function 6C9A150C: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,6C9A44C1,?,00000000,-00000008), ref: 6C9A156D
                                                                          • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 6C9A5CC2
                                                                          • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 6C9A5CE2
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                                          • String ID:
                                                                          • API String ID: 158306478-0
                                                                          • Opcode ID: 1113168f8ab4c620a8d15a88a785043490bd932211dd4e0a011319d532da5923
                                                                          • Instruction ID: a6790beff91e4d858671d1e924e343d3de324475a1c73f89701a91d0c1a899ca
                                                                          • Opcode Fuzzy Hash: 1113168f8ab4c620a8d15a88a785043490bd932211dd4e0a011319d532da5923
                                                                          • Instruction Fuzzy Hash: A411E1F1615A0ABEA70117F64C8CCAF797CEF5729C3280415F806D1601EB20CE0681B0
                                                                          APIs
                                                                          • CreateWaitableTimerA.KERNEL32(00000000,00000001,00000000), ref: 6C981BFE
                                                                          • SetWaitableTimer.KERNEL32(00000000,FFFFD8F0,00000000,00000000,00000000,00000000), ref: 6C981C10
                                                                          • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 6C981C19
                                                                          • CloseHandle.KERNEL32(00000000), ref: 6C981C20
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: TimerWaitable$CloseCreateHandleObjectSingleWait
                                                                          • String ID:
                                                                          • API String ID: 2650818659-0
                                                                          • Opcode ID: 21add6c18de182bab178190d73b257be2698f193f5c49ee770d36e16007379b8
                                                                          • Instruction ID: 4dddd92170f4051e52ee880f089ab5c17be42e425158cc840ad138492f445104
                                                                          • Opcode Fuzzy Hash: 21add6c18de182bab178190d73b257be2698f193f5c49ee770d36e16007379b8
                                                                          • Instruction Fuzzy Hash: 34117A326463117BDB115A109D01B8BB3B8FF02770F140330F924A79C0C729E41AC7D6
                                                                          APIs
                                                                          • CreateWaitableTimerA.KERNEL32(00000000,00000001,00000000), ref: 6C97D28E
                                                                          • SetWaitableTimer.KERNEL32(00000000,FFFFD8F0,00000000,00000000,00000000,00000000), ref: 6C97D2A0
                                                                          • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 6C97D2A9
                                                                          • CloseHandle.KERNEL32(00000000), ref: 6C97D2B0
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: TimerWaitable$CloseCreateHandleObjectSingleWait
                                                                          • String ID:
                                                                          • API String ID: 2650818659-0
                                                                          • Opcode ID: e3754f940a800d379b7f6f4cf34f8d2c8c9cac5c19190e9e4e4e1bf66f237af0
                                                                          • Instruction ID: defeb701c72f3cb4a0062e80a00ec9351652228e78d1b03a56d9e6eea27af422
                                                                          • Opcode Fuzzy Hash: e3754f940a800d379b7f6f4cf34f8d2c8c9cac5c19190e9e4e4e1bf66f237af0
                                                                          • Instruction Fuzzy Hash: B2113D32746351BBD72156609D4079BB778FF01B74F140331F91466AD0C769E41AC7E6
                                                                          APIs
                                                                          • CreateWaitableTimerA.KERNEL32(00000000,00000001,00000000), ref: 6C988391
                                                                          • SetWaitableTimer.KERNEL32(00000000,FFFFD8F0,00000000,00000000,00000000,00000000), ref: 6C9883A3
                                                                          • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 6C9883AC
                                                                          • CloseHandle.KERNEL32(00000000), ref: 6C9883B3
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: TimerWaitable$CloseCreateHandleObjectSingleWait
                                                                          • String ID:
                                                                          • API String ID: 2650818659-0
                                                                          • Opcode ID: a545828a069c365184584db12dd350b92b64bbccca71d0ae213d40f162742e8c
                                                                          • Instruction ID: dd39c777dd53258a539dc7fc8015c4cea2045beb2ee76d6719b4d56e2a3167cd
                                                                          • Opcode Fuzzy Hash: a545828a069c365184584db12dd350b92b64bbccca71d0ae213d40f162742e8c
                                                                          • Instruction Fuzzy Hash: 2F115731646711BBD7215A149D41B8BB368FB01775F140623FB209BDC0C76AE41AC7E6
                                                                          APIs
                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6C96550E
                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 6C965548
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalSection$EnterLeave
                                                                          • String ID: interface %d$libusb_claim_interface
                                                                          • API String ID: 3168844106-2778510834
                                                                          • Opcode ID: c9af8942bfb0b6f479da3b0bc13214bdba5495d858ae1ba3df338b3554315dcd
                                                                          • Instruction ID: 2348e6f117a46d0690b3a2c0bd024374c48f145a446c81a80d9b80f9e82c3880
                                                                          • Opcode Fuzzy Hash: c9af8942bfb0b6f479da3b0bc13214bdba5495d858ae1ba3df338b3554315dcd
                                                                          • Instruction Fuzzy Hash: 7A1123763056109FD3109A9EC988E4BB3F9EFD9326710023AF544CBA92C730EC04CB90
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalSection$EnterLeave
                                                                          • String ID: destroy device %d.%d$libusb_unref_device
                                                                          • API String ID: 3168844106-3750132186
                                                                          • Opcode ID: e1faf9bc1350b3307820fcdef15f912f01cc507be9a86682471afa3e84e439d1
                                                                          • Instruction ID: 12d0980f058180a498da4ed50a03a9edd2c5659eb7036747c0a4cb466ec11339
                                                                          • Opcode Fuzzy Hash: e1faf9bc1350b3307820fcdef15f912f01cc507be9a86682471afa3e84e439d1
                                                                          • Instruction Fuzzy Hash: 361160B1600110ABEB00CF59DDC5B537BA9AF59325F0841A4E919CF786DB71E914CBE1
                                                                          APIs
                                                                          • ___BuildCatchObject.LIBVCRUNTIME ref: 6C9D8FCE
                                                                            • Part of subcall function 6C9D8F1B: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 6C9D8F4A
                                                                            • Part of subcall function 6C9D8F1B: ___AdjustPointer.LIBCMT ref: 6C9D8F65
                                                                          • _UnwindNestedFrames.LIBCMT ref: 6C9D8FE3
                                                                          • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 6C9D8FF4
                                                                          • CallCatchBlock.LIBVCRUNTIME ref: 6C9D901C
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164606236.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164577047.000000006C9D0000.00000002.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164639828.000000006C9ED000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164670106.000000006C9F5000.00000008.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9F9000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9FC000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA00000.00000040.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA27000.00000040.00000001.01000000.00000009.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                                          • String ID:
                                                                          • API String ID: 737400349-0
                                                                          • Opcode ID: ec9dfc6e7721fb28ab73de626843b0ef8f03f07822796165cbb07243542b370a
                                                                          • Instruction ID: 9b3a6a09842c2e23e5dfc5680f8e4c8d23e8287bb48ffde67a0b3bcf542e41a6
                                                                          • Opcode Fuzzy Hash: ec9dfc6e7721fb28ab73de626843b0ef8f03f07822796165cbb07243542b370a
                                                                          • Instruction Fuzzy Hash: 94011732100508BBDF125E95CC40DEB3B7EEF69698F068018FA08A6620D732E861DBA1
                                                                          APIs
                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,6C9D50A5,00000000,00000000,?,6C9E3D07,6C9D50A5,00000000,00000000,00000000,?,6C9E3F04,00000006,FlsSetValue), ref: 6C9E3D92
                                                                          • GetLastError.KERNEL32(?,6C9E3D07,6C9D50A5,00000000,00000000,00000000,?,6C9E3F04,00000006,FlsSetValue,6C9F2AF0,FlsSetValue,00000000,00000364,?,6C9E2C78), ref: 6C9E3D9E
                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,6C9E3D07,6C9D50A5,00000000,00000000,00000000,?,6C9E3F04,00000006,FlsSetValue,6C9F2AF0,FlsSetValue,00000000), ref: 6C9E3DAC
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164606236.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164577047.000000006C9D0000.00000002.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164639828.000000006C9ED000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164670106.000000006C9F5000.00000008.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9F9000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9FC000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA00000.00000040.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA27000.00000040.00000001.01000000.00000009.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: LibraryLoad$ErrorLast
                                                                          • String ID:
                                                                          • API String ID: 3177248105-0
                                                                          • Opcode ID: f55b4b8d1db946954c5794e03c0cb2d2a9ee9b3c5f4552e4d1a3c24f6f0210cc
                                                                          • Instruction ID: 0f50e288e2e8b49772dda09f5a3974c6ff229c244d52d7aaf82a7cae1df1f909
                                                                          • Opcode Fuzzy Hash: f55b4b8d1db946954c5794e03c0cb2d2a9ee9b3c5f4552e4d1a3c24f6f0210cc
                                                                          • Instruction Fuzzy Hash: 7301473B759222ABCB134A3ACC44B467BBCFFAF7A57610320F915D7640D720D84086E0
                                                                          APIs
                                                                          • GetWindowRect.USER32(0000000F,6C9FD7E0), ref: 6C9D164C
                                                                          • GetSystemMetrics.USER32(00000001), ref: 6C9D165A
                                                                          • GetSystemMetrics.USER32(00000000), ref: 6C9D166F
                                                                          • SetWindowPos.USER32(00000000,00000000), ref: 6C9D168A
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164606236.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164577047.000000006C9D0000.00000002.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164639828.000000006C9ED000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164670106.000000006C9F5000.00000008.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9F9000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9FC000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA00000.00000040.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA27000.00000040.00000001.01000000.00000009.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: MetricsSystemWindow$Rect
                                                                          • String ID:
                                                                          • API String ID: 3945642117-0
                                                                          • Opcode ID: e66ce0c7dd5bbecf53c29965a85377f071786113ac98ac5c480e4661fbf5acf2
                                                                          • Instruction ID: 5353c2a8c3aa4712baf304f9ad7bee63e911d3912be1522b832fc955cf5972f1
                                                                          • Opcode Fuzzy Hash: e66ce0c7dd5bbecf53c29965a85377f071786113ac98ac5c480e4661fbf5acf2
                                                                          • Instruction Fuzzy Hash: 18F03172704109EFDB48DFB8DD49DBF7B79EFCA705B554168A502D6280CA30AA05DA11
                                                                          APIs
                                                                          • CreateWaitableTimerA.KERNEL32(00000000,00000001,00000000), ref: 6C975E99
                                                                          • SetWaitableTimer.KERNEL32(00000000,?,00000000,00000000,00000000,00000000), ref: 6C975EAF
                                                                          • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 6C975EB8
                                                                          • CloseHandle.KERNEL32(00000000), ref: 6C975EBF
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: TimerWaitable$CloseCreateHandleObjectSingleWait
                                                                          • String ID:
                                                                          • API String ID: 2650818659-0
                                                                          • Opcode ID: 62b37da70dbf528db4e7073a0b830c2e6e7ace574ca35822298ecefd689b8382
                                                                          • Instruction ID: fb3fe9832596d7d42c184a6a5e2a5b0db5a47ab28658aec08c452e92383d0f94
                                                                          • Opcode Fuzzy Hash: 62b37da70dbf528db4e7073a0b830c2e6e7ace574ca35822298ecefd689b8382
                                                                          • Instruction Fuzzy Hash: 98F09673749220BBF7159A24DD05BAF76E4EB89B50F154628F212EA2C0D670DD00C7D5
                                                                          APIs
                                                                          • DeleteCriticalSection.KERNEL32(6C9C9FCC,6C9CA038,6C967004,6C9CA038,00000001,00000000,00000120,6C9CA038,6C965AEE,00000000), ref: 6C968C66
                                                                          • FreeLibrary.KERNEL32(00000000), ref: 6C968C94
                                                                          • FreeLibrary.KERNEL32(00000000), ref: 6C968CAA
                                                                          • FreeLibrary.KERNEL32(00000000), ref: 6C968CC0
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: FreeLibrary$CriticalDeleteSection
                                                                          • String ID:
                                                                          • API String ID: 1087323003-0
                                                                          • Opcode ID: 02e66a6347f8d801fe8c942bc91513733ab122ff093f9a35958c5ee89c578cf9
                                                                          • Instruction ID: 28f0c63d492c194daafe329ba7baf37dcb59a821c82ab8ad9dc349859331c391
                                                                          • Opcode Fuzzy Hash: 02e66a6347f8d801fe8c942bc91513733ab122ff093f9a35958c5ee89c578cf9
                                                                          • Instruction Fuzzy Hash: B5F05EB2B1A2119BFF109F6AD944B463BFCAB1229CF264446D810D3A80D7B8D9448B99
                                                                          APIs
                                                                          • WriteConsoleW.KERNEL32(00000000,00000000,00001000,00000000,00000000,?,6C9A33E2,00000000,00000001,?,?,?,6C9950FE,?,00000000,00000000), ref: 6C9A8FB1
                                                                          • GetLastError.KERNEL32(?,6C9A33E2,00000000,00000001,?,?,?,6C9950FE,?,00000000,00000000,?,?,?,6C9956D8,?), ref: 6C9A8FBD
                                                                            • Part of subcall function 6C9A8F83: CloseHandle.KERNEL32(FFFFFFFE,6C9A8FCD,?,6C9A33E2,00000000,00000001,?,?,?,6C9950FE,?,00000000,00000000,?,?), ref: 6C9A8F93
                                                                          • ___initconout.LIBCMT ref: 6C9A8FCD
                                                                            • Part of subcall function 6C9A8F45: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,6C9A8F74,6C9A33CF,?,?,6C9950FE,?,00000000,00000000,?), ref: 6C9A8F58
                                                                          • WriteConsoleW.KERNEL32(00000000,00000000,00001000,00000000,?,6C9A33E2,00000000,00000001,?,?,?,6C9950FE,?,00000000,00000000,?), ref: 6C9A8FE2
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                          • String ID:
                                                                          • API String ID: 2744216297-0
                                                                          • Opcode ID: 26265d6bfaa166d50c67c3ed1bca188099bc7c566e7f13a4f91e4549d5419ea9
                                                                          • Instruction ID: ee9704c70b1ffbcd9892dabc6afd64d7846bce397826d51edf8bce39b805f18e
                                                                          • Opcode Fuzzy Hash: 26265d6bfaa166d50c67c3ed1bca188099bc7c566e7f13a4f91e4549d5419ea9
                                                                          • Instruction Fuzzy Hash: 43F01C36205196BBCF261FD2CD0898B3F3AEB1D3A4F144012FA0985520CB32C921DBD8
                                                                          APIs
                                                                          • SetBkColor.GDI32(?,?), ref: 6C9D1930
                                                                          • SetTextColor.GDI32(?,?), ref: 6C9D193C
                                                                          • SetDCBrushColor.GDI32(?,?,?,6C9D2566,?,00FFFFFF,000F23D9), ref: 6C9D1948
                                                                          • GetStockObject.GDI32(00000012), ref: 6C9D1950
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164606236.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164577047.000000006C9D0000.00000002.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164639828.000000006C9ED000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164670106.000000006C9F5000.00000008.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9F9000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9FC000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA00000.00000040.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA27000.00000040.00000001.01000000.00000009.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: Color$BrushObjectStockText
                                                                          • String ID:
                                                                          • API String ID: 79644145-0
                                                                          • Opcode ID: 14c0a7d27c9bb5aee28787d03b87460b47f676486f6b39eed37e12ea7aaae409
                                                                          • Instruction ID: 1ca1fec4dcce946a726544ccb97c31ecf2c25216b08598e5d49b50c85adeda3a
                                                                          • Opcode Fuzzy Hash: 14c0a7d27c9bb5aee28787d03b87460b47f676486f6b39eed37e12ea7aaae409
                                                                          • Instruction Fuzzy Hash: 6BE02D33104108FBCF525F90CC089997F36FF6A352B188414FA1948121C7328662BB91
                                                                          APIs
                                                                          • __startOneArgErrorHandling.LIBCMT ref: 6C9E133D
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164606236.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164577047.000000006C9D0000.00000002.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164639828.000000006C9ED000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164670106.000000006C9F5000.00000008.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9F9000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9FC000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA00000.00000040.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA27000.00000040.00000001.01000000.00000009.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorHandling__start
                                                                          • String ID: pow
                                                                          • API String ID: 3213639722-2276729525
                                                                          • Opcode ID: dd91795152447526d5252f481518398948d7b9c4318a6098871e353a3e630fee
                                                                          • Instruction ID: 4fed8175366a9ff5e5c93fb9a5343ec2b8369cacb1893d8f6fd4001e3b4b36ae
                                                                          • Opcode Fuzzy Hash: dd91795152447526d5252f481518398948d7b9c4318a6098871e353a3e630fee
                                                                          • Instruction Fuzzy Hash: F5514BA1A0D64586DB036714C90039D3BB8EF7F748F305A59E1A1C6F9AEB31C498CB46
                                                                          APIs
                                                                          • __startOneArgErrorHandling.LIBCMT ref: 6C9A3B9D
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorHandling__start
                                                                          • String ID: pow
                                                                          • API String ID: 3213639722-2276729525
                                                                          • Opcode ID: a3fc4e976b782d63e3957bf0c294c54306e2f4672e4cc7ad7fe27596f16e8015
                                                                          • Instruction ID: 6c000fde509f5f4198fcc3629ea75291803e48989ca97ee5f6810c7ab35a4050
                                                                          • Opcode Fuzzy Hash: a3fc4e976b782d63e3957bf0c294c54306e2f4672e4cc7ad7fe27596f16e8015
                                                                          • Instruction Fuzzy Hash: 36517D61A4D101A7C7017AF4C9403BE7BB9FB51718F308E58E49583AE8EF35C49B8E4A
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4160697580.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000008.00000002.4160671373.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160860251.0000000000600000.00000008.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000647000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.000000000064C000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000654000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000676000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000678000.00000040.00000001.01000000.00000005.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_400000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: $%ld,%ld,%ld$%lf,%lf,%lf$.bpl
                                                                          • API String ID: 0-665085329
                                                                          • Opcode ID: 6e9d8cd0c699c1990d51575a11e52b013a8f79cd0b1b2c38979b7175ab96b0fc
                                                                          • Instruction ID: 4bc92f5e727e7ced10ff17a67879d461e83e5f2c952a12fc34ce0be5d282e62e
                                                                          • Opcode Fuzzy Hash: 6e9d8cd0c699c1990d51575a11e52b013a8f79cd0b1b2c38979b7175ab96b0fc
                                                                          • Instruction Fuzzy Hash: 04F1E4B0900709DBDB28DF64D994BAFBBB8FF45300F10852EE4A6A7381D738A945CB55
                                                                          APIs
                                                                          • caerLog.LIB_HELP(00000002,EventPacket Container,Called caerEventPacketContainerGetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!,00000000,?), ref: 6C9886EC
                                                                            • Part of subcall function 6C971B50: caerLogVAFull.LIB_HELP(?,?,?,?,?), ref: 6C971B69
                                                                          Strings
                                                                          • Called caerEventPacketContainerGetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!, xrefs: 6C9886E0
                                                                          • EventPacket Container, xrefs: 6C9886E5
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer$Full
                                                                          • String ID: Called caerEventPacketContainerGetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!$EventPacket Container
                                                                          • API String ID: 1435167524-1956706304
                                                                          • Opcode ID: 189fc661cb90f0e05784971cd3c9b2fab4ad9ec15b73f0d4c4009143f48443f7
                                                                          • Instruction ID: 1aabfcbee33ac43aff8f49e008dab1dea29c521dfb9761b9f27b86741ea56860
                                                                          • Opcode Fuzzy Hash: 189fc661cb90f0e05784971cd3c9b2fab4ad9ec15b73f0d4c4009143f48443f7
                                                                          • Instruction Fuzzy Hash: 6A41C4B168271076FB215A109C92F9732AC5F72F08F140825FE047FAC5E7B9F6454AAE
                                                                          APIs
                                                                          • SleepEx.KERNEL32(00000000,00000001), ref: 6C96575B
                                                                          Strings
                                                                          • usbi_get_context, xrefs: 6C9657C6
                                                                          • API misuse! Using non-default context as implicit default., xrefs: 6C9657C1
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: Sleep
                                                                          • String ID: API misuse! Using non-default context as implicit default.$usbi_get_context
                                                                          • API String ID: 3472027048-90567104
                                                                          • Opcode ID: 066c387b4d67b22f47c96360f0ffb346b54f4e37aa9cde4b5794513238a5fa99
                                                                          • Instruction ID: acb0a5c0f567b802f0a8ab628a23d3f57579571f0ee914cdb6d45353274f67b8
                                                                          • Opcode Fuzzy Hash: 066c387b4d67b22f47c96360f0ffb346b54f4e37aa9cde4b5794513238a5fa99
                                                                          • Instruction Fuzzy Hash: 8B41B07670E301CFEB00CE1AD88020AF3B4EBC6729F244A2EE514D7E81DB72D4458B81
                                                                          APIs
                                                                          • caerLog.LIB_HELP(00000002,EventPacket Container,Called caerEventPacketContainerGetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!,00000000,?), ref: 6C973A5F
                                                                            • Part of subcall function 6C971B50: caerLogVAFull.LIB_HELP(?,?,?,?,?), ref: 6C971B69
                                                                          Strings
                                                                          • Called caerEventPacketContainerGetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!, xrefs: 6C973A53
                                                                          • EventPacket Container, xrefs: 6C973A58
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer$Full
                                                                          • String ID: Called caerEventPacketContainerGetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!$EventPacket Container
                                                                          • API String ID: 1435167524-1956706304
                                                                          • Opcode ID: 980f9e23ab00b149efa37601bf2dbe0ea5b52535e32a3ec7427c13e3e160d4db
                                                                          • Instruction ID: 44bf268b457c6ce0890003b43999d03d150739373150cbafd515ca9e5702fbb3
                                                                          • Opcode Fuzzy Hash: 980f9e23ab00b149efa37601bf2dbe0ea5b52535e32a3ec7427c13e3e160d4db
                                                                          • Instruction Fuzzy Hash: E0419371A82B15B6FB319A249C03FDA32987F71B18F100114FA187BAC0E7B5F65546B6
                                                                          APIs
                                                                          • EncodePointer.KERNEL32(00000000,?), ref: 6C990F74
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: EncodePointer
                                                                          • String ID: MOC$RCC
                                                                          • API String ID: 2118026453-2084237596
                                                                          APIs
                                                                          • caerLog.LIB_HELP(00000002,EventPacket Container,Called caerEventPacketContainerGetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!,00000000,?), ref: 6C97D59C
                                                                            • Part of subcall function 6C971B50: caerLogVAFull.LIB_HELP(?,?,?,?,?), ref: 6C971B69
                                                                          Strings
                                                                          • Called caerEventPacketContainerGetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!, xrefs: 6C97D590
                                                                          • EventPacket Container, xrefs: 6C97D595
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer$Full
                                                                          • String ID: Called caerEventPacketContainerGetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!$EventPacket Container
                                                                          • API String ID: 1435167524-1956706304
                                                                          APIs
                                                                            • Part of subcall function 6C9D423F: lstrlen.KERNEL32(02459235,6C9D24B1), ref: 6C9D424A
                                                                          • GetDlgItem.USER32(00005603), ref: 6C9D3ED7
                                                                            • Part of subcall function 6C9D1927: SetBkColor.GDI32(?,?), ref: 6C9D1930
                                                                            • Part of subcall function 6C9D1927: SetTextColor.GDI32(?,?), ref: 6C9D193C
                                                                            • Part of subcall function 6C9D1927: SetDCBrushColor.GDI32(?,?,?,6C9D2566,?,00FFFFFF,000F23D9), ref: 6C9D1948
                                                                            • Part of subcall function 6C9D1927: GetStockObject.GDI32(00000012), ref: 6C9D1950
                                                                          • EndDialog.USER32(?,00000000), ref: 6C9D3F54
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164606236.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164577047.000000006C9D0000.00000002.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164639828.000000006C9ED000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164670106.000000006C9F5000.00000008.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9F9000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9FC000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA00000.00000040.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA27000.00000040.00000001.01000000.00000009.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: Color$BrushDialogItemObjectStockTextlstrlen
                                                                          • String ID: %08X
                                                                          • API String ID: 1577505657-3773563069
                                                                          APIs
                                                                          • caerLog.LIB_HELP(00000002,EventPacket Container,Called caerEventPacketContainerGetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!,00000000,?), ref: 6C981EAD
                                                                            • Part of subcall function 6C971B50: caerLogVAFull.LIB_HELP(?,?,?,?,?), ref: 6C971B69
                                                                          Strings
                                                                          • Called caerEventPacketContainerGetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!, xrefs: 6C981EA1
                                                                          • EventPacket Container, xrefs: 6C981EA6
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer$Full
                                                                          • String ID: Called caerEventPacketContainerGetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!$EventPacket Container
                                                                          • API String ID: 1435167524-1956706304
                                                                          APIs
                                                                          • caerLog.LIB_HELP(00000002,EventPacket Container,Called caerEventPacketContainerGetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!,00000000,?), ref: 6C989B2D
                                                                            • Part of subcall function 6C971B50: caerLogVAFull.LIB_HELP(?,?,?,?,?), ref: 6C971B69
                                                                          Strings
                                                                          • Called caerEventPacketContainerGetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!, xrefs: 6C989B21
                                                                          • EventPacket Container, xrefs: 6C989B26
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer$Full
                                                                          • String ID: Called caerEventPacketContainerGetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!$EventPacket Container
                                                                          • API String ID: 1435167524-1956706304
                                                                          APIs
                                                                          • caerLog.LIB_HELP(00000002,Event Packet,Failed to allocate %zu bytes of memory for Event Packet of type %hi, capacity %i from source %hi. Error: %d.,?,?,?,00000000,00000000), ref: 6C983B81
                                                                            • Part of subcall function 6C971B50: caerLogVAFull.LIB_HELP(?,?,?,?,?), ref: 6C971B69
                                                                          Strings
                                                                          • Event Packet, xrefs: 6C983B7A
                                                                          • Failed to allocate %zu bytes of memory for Event Packet of type %hi, capacity %i from source %hi. Error: %d., xrefs: 6C983B75
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer$Full
                                                                          • String ID: Event Packet$Failed to allocate %zu bytes of memory for Event Packet of type %hi, capacity %i from source %hi. Error: %d.
                                                                          • API String ID: 1435167524-527223162
                                                                          APIs
                                                                          • caerLog.LIB_HELP(00000002,Event Packet,Failed to allocate %zu bytes of memory for Event Packet of type %hi, capacity %i from source %hi. Error: %d.,?,00000003,?,00000000,00000000), ref: 6C972403
                                                                            • Part of subcall function 6C971B50: caerLogVAFull.LIB_HELP(?,?,?,?,?), ref: 6C971B69
                                                                          Strings
                                                                          • Event Packet, xrefs: 6C9723FC
                                                                          • Failed to allocate %zu bytes of memory for Event Packet of type %hi, capacity %i from source %hi. Error: %d., xrefs: 6C9723F7
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer$Full
                                                                          • String ID: Event Packet$Failed to allocate %zu bytes of memory for Event Packet of type %hi, capacity %i from source %hi. Error: %d.
                                                                          • API String ID: 1435167524-527223162
                                                                          APIs
                                                                          • caerLog.LIB_HELP(00000002,Event Packet,Failed to allocate %zu bytes of memory for Event Packet of type %hi, capacity %i from source %hi. Error: %d.,00000000,0000000C,?,00000000,00000000), ref: 6C97C550
                                                                            • Part of subcall function 6C971B50: caerLogVAFull.LIB_HELP(?,?,?,?,?), ref: 6C971B69
                                                                          Strings
                                                                          • Event Packet, xrefs: 6C97C549
                                                                          • Failed to allocate %zu bytes of memory for Event Packet of type %hi, capacity %i from source %hi. Error: %d., xrefs: 6C97C544
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer$Full
                                                                          • String ID: Event Packet$Failed to allocate %zu bytes of memory for Event Packet of type %hi, capacity %i from source %hi. Error: %d.
                                                                          • API String ID: 1435167524-527223162
                                                                          APIs
                                                                          • caerLog.LIB_HELP(00000002,Event Packet,Failed to allocate %zu bytes of memory for Event Packet of type %hi, capacity %i from source %hi. Error: %d.,00000000,00000001,?,00000000,00000000), ref: 6C9724B0
                                                                            • Part of subcall function 6C971B50: caerLogVAFull.LIB_HELP(?,?,?,?,?), ref: 6C971B69
                                                                          Strings
                                                                          • Event Packet, xrefs: 6C9724A9
                                                                          • Failed to allocate %zu bytes of memory for Event Packet of type %hi, capacity %i from source %hi. Error: %d., xrefs: 6C9724A4
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer$Full
                                                                          • String ID: Event Packet$Failed to allocate %zu bytes of memory for Event Packet of type %hi, capacity %i from source %hi. Error: %d.
                                                                          • API String ID: 1435167524-527223162
                                                                          APIs
                                                                          • caerLog.LIB_HELP(00000002,Event Packet,Failed to allocate %zu bytes of memory for Event Packet of type %hi, capacity %i from source %hi. Error: %d.,00000000,00000000,?,00000000,00000000), ref: 6C9725CB
                                                                            • Part of subcall function 6C971B50: caerLogVAFull.LIB_HELP(?,?,?,?,?), ref: 6C971B69
                                                                          Strings
                                                                          • Event Packet, xrefs: 6C9725C4
                                                                          • Failed to allocate %zu bytes of memory for Event Packet of type %hi, capacity %i from source %hi. Error: %d., xrefs: 6C9725BF
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer$Full
                                                                          • String ID: Event Packet$Failed to allocate %zu bytes of memory for Event Packet of type %hi, capacity %i from source %hi. Error: %d.
                                                                          • API String ID: 1435167524-527223162
                                                                          • Opcode ID: d0f3a6684289f9951f0ef11ce003a8bd8ca2e71963419f8e968152acfe48daf1
                                                                          • Instruction ID: 1564b148d3df3004232eb53b4847a44f182b5296cf005a9f30819f71cf5c6d1d
                                                                          • Opcode Fuzzy Hash: d0f3a6684289f9951f0ef11ce003a8bd8ca2e71963419f8e968152acfe48daf1
                                                                          • Instruction Fuzzy Hash: 1101C8A2352708AAD3209F51AC44FA7B7ACEBD1756F04442BE544D3A10E732D4089371
                                                                          APIs
                                                                          • caerLog.LIB_HELP(00000002,Frame Event,Called caerFrameEventSetLengthXLengthYChannelNumber() with negative value(s)!), ref: 6C983C9F
                                                                          Strings
                                                                          • Frame Event, xrefs: 6C983C66, 6C983C98
                                                                          • Called caerFrameEventSetLengthXLengthYChannelNumber() with negative value(s)!, xrefs: 6C983C93
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer
                                                                          • String ID: Called caerFrameEventSetLengthXLengthYChannelNumber() with negative value(s)!$Frame Event
                                                                          • API String ID: 3879971092-2385290178
                                                                          • Opcode ID: 6bd09f128e4f05141d8c82511cca964ea6640630161305ad9079169a3a2014cf
                                                                          • Instruction ID: fcb878467e3595795f4345104b59e736fd06491d3ed24a5afd09cad4f1d053ba
                                                                          • Opcode Fuzzy Hash: 6bd09f128e4f05141d8c82511cca964ea6640630161305ad9079169a3a2014cf
                                                                          • Instruction Fuzzy Hash: DE01ED32B093028BC708CF28D191A4BFBA9FFC6351F11482EE5459B310D330E4498BD1
                                                                          APIs
                                                                          • caerLog.LIB_HELP(00000002,EventPacket Container,Called caerEventPacketContainerGetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!,00000000,?), ref: 6C972174
                                                                          Strings
                                                                          • Called caerEventPacketContainerGetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!, xrefs: 6C972168
                                                                          • EventPacket Container, xrefs: 6C97216D
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer
                                                                          • String ID: Called caerEventPacketContainerGetEventPacket() with invalid event offset %i, while maximum allowed value is %i. Negative values are not allowed!$EventPacket Container
                                                                          • API String ID: 3879971092-1956706304
                                                                          • Opcode ID: 9c7333c092b089d66734457fdf83ac55a9e0966154e182c90c0d034c4cb9f552
                                                                          • Instruction ID: 5adc53e8a8d933c21514c00b40b238a5511b1682bbad73166121bff7b093ac1a
                                                                          • Opcode Fuzzy Hash: 9c7333c092b089d66734457fdf83ac55a9e0966154e182c90c0d034c4cb9f552
                                                                          • Instruction Fuzzy Hash: 35F0FCB3902A18B7A7205D185C84E67B36CFBB27547090154EA0463F04E731FA4581F3
                                                                          APIs
                                                                          • DeleteCriticalSection.KERNEL32(6C98AFE4,00000000,?,6C98B000,00000000,00000000,00000000,00000000), ref: 6C961ED3
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalDeleteSection
                                                                          • String ID: libusb_free_transfer$transfer %p
                                                                          • API String ID: 166494926-4116055232
                                                                          • Opcode ID: ff0f9297becc55bf096be307b1f9ccba3af87b41070c457829f8d31c8ac9622e
                                                                          • Instruction ID: dac4570fa858fa62534c00401c95e89b16f5c97b9cd350d916dc9e1de09576fd
                                                                          • Opcode Fuzzy Hash: ff0f9297becc55bf096be307b1f9ccba3af87b41070c457829f8d31c8ac9622e
                                                                          • Instruction Fuzzy Hash: D9F0F6B2D06240ABFB15C7628C04F97B3DC6F62318F04882DE956D3E80E730E418C661
                                                                          APIs
                                                                          • caerLog.LIB_HELP(00000002,IMU6 Event,Called caerIMU6EventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.,?,?), ref: 6C975FA0
                                                                          Strings
                                                                          • IMU6 Event, xrefs: 6C975F99
                                                                          • Called caerIMU6EventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i., xrefs: 6C975F94
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer
                                                                          • String ID: Called caerIMU6EventPacketGetEvent() with invalid event offset %i, while maximum allowed value is %i.$IMU6 Event
                                                                          • API String ID: 3879971092-4071708726
                                                                          • Opcode ID: 41c29b3ca48567c890537349c76da56ac664c347247d8214dac07a702aadb31d
                                                                          • Instruction ID: 9e03cca7c7c6d60e821ea40f694a5711e1f95918df828388042a101124822c76
                                                                          • Opcode Fuzzy Hash: 41c29b3ca48567c890537349c76da56ac664c347247d8214dac07a702aadb31d
                                                                          • Instruction Fuzzy Hash: 90E086B0706201AFEB5CDF04CD51F2AB3A4FB90301F04059CA40983D11E730F454C655
                                                                          APIs
                                                                          • 6F551CD0.COMCTL32(?,?,?,?,6C9D4324,00000008), ref: 6C9D4C80
                                                                          • GetDesktopWindow.USER32 ref: 6C9D4C86
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164606236.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164577047.000000006C9D0000.00000002.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164639828.000000006C9ED000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164670106.000000006C9F5000.00000008.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9F9000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164698199.000000006C9FC000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA00000.00000040.00000001.01000000.00000009.sdmp
                                                                          • Associated: 00000008.00000002.4164750907.000000006CA27000.00000040.00000001.01000000.00000009.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: DesktopF551Window
                                                                          • String ID: 3Ro
                                                                          • API String ID: 2808417363-1492261280
                                                                          • Opcode ID: 40e3b845143d5d8c06a43e21b62cf51c33f24a02fe3ad12912fefd958a870ad3
                                                                          • Instruction ID: baeb8dfc2d83fd22597dc3837cd6403c513506f4c198b9a953f7d390ece3c6cb
                                                                          • Opcode Fuzzy Hash: 40e3b845143d5d8c06a43e21b62cf51c33f24a02fe3ad12912fefd958a870ad3
                                                                          • Instruction Fuzzy Hash: 73E04FB6614208FFDF44DF61C40994E7BF8FF1A31AF248129E851D6300E770A6448F50
                                                                          APIs
                                                                          • caerLog.LIB_HELP(00000002,EventPacket Header,Called caerEventPacketHeaderSetEventCapacity() with negative value!), ref: 6C972384
                                                                            • Part of subcall function 6C971B50: caerLogVAFull.LIB_HELP(?,?,?,?,?), ref: 6C971B69
                                                                          Strings
                                                                          • Called caerEventPacketHeaderSetEventCapacity() with negative value!, xrefs: 6C972378
                                                                          • EventPacket Header, xrefs: 6C97237D
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4164432268.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true
                                                                          • Associated: 00000008.00000002.4164401397.000000006C960000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164484515.000000006C9B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164525565.000000006C9C8000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000008.00000002.4164546126.000000006C9CB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_6c960000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: caer$Full
                                                                          • String ID: Called caerEventPacketHeaderSetEventCapacity() with negative value!$EventPacket Header
                                                                          • API String ID: 1435167524-3822084014
                                                                          • Opcode ID: 96c47487885f641cd6386a0efc3605cae90541e300d1d92624342e1d2658276e
                                                                          • Instruction ID: d3ca249696ba1c39801659617c541e082ec55146ce6ddf34b079e9829d2a7de5
                                                                          • Opcode Fuzzy Hash: 96c47487885f641cd6386a0efc3605cae90541e300d1d92624342e1d2658276e
                                                                          • Instruction Fuzzy Hash: 54C012B460630177C708CF10D5A5F1E73906FD0A45F44195CB44D66E51F330D5149512
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4160697580.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000008.00000002.4160671373.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160860251.0000000000600000.00000008.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000647000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.000000000064C000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000654000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000676000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000678000.00000040.00000001.01000000.00000005.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_400000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: $ = $%%15.%df$.txt
                                                                          • API String ID: 0-2756232146
                                                                          • Opcode ID: a9952447eab991bfd494646db14f775155482d2cb9315ee2d006a2835ac7fe6c
                                                                          • Instruction ID: ab337c655e41d3646ea9e252d8188dd81ae6360a2f4e2eaf2a209ed353fa4a81
                                                                          • Opcode Fuzzy Hash: a9952447eab991bfd494646db14f775155482d2cb9315ee2d006a2835ac7fe6c
                                                                          • Instruction Fuzzy Hash: 519182701083C29AD328DB65C899BAFBBD8BFD4314F444A1CF5D9562C2DB789609CB63
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4160697580.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000008.00000002.4160671373.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160860251.0000000000600000.00000008.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000647000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.000000000064C000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000654000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000676000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000678000.00000040.00000001.01000000.00000005.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_400000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: 16Bits$24Bits$Turntable16Bits.hps$Turntable24Bits.hps
                                                                          • API String ID: 0-803639171
                                                                          • Opcode ID: 788ae4f5f3ad3572800613ae650db57e834bdf6b726870e8e29fabc27e249c42
                                                                          • Instruction ID: b79788759661d09cbd53c2cda151dec67f13fff537fc8473e642781dae187390
                                                                          • Opcode Fuzzy Hash: 788ae4f5f3ad3572800613ae650db57e834bdf6b726870e8e29fabc27e249c42
                                                                          • Instruction Fuzzy Hash: 0481A3756043419BC708DF25EC81A6B7BABFB99710F00152DF64A8B3A1DBB49C81CFA5
                                                                          Strings
                                                                          • ;B-Acoustic Parameters (1/1 Octave), xrefs: 0041F774
                                                                          • ;A-Acoustic Parameters (1/1 Octave), xrefs: 0041F736
                                                                          • ;B-Acoustic Parameters (1/3 Octave), xrefs: 0041F7C4
                                                                          • ;A-Acoustic Parameters (1/3 Octave), xrefs: 0041F7B6
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4160697580.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000008.00000002.4160671373.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160860251.0000000000600000.00000008.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000647000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.000000000064C000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000654000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000676000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000678000.00000040.00000001.01000000.00000005.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_400000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: ;A-Acoustic Parameters (1/1 Octave)$;A-Acoustic Parameters (1/3 Octave)$;B-Acoustic Parameters (1/1 Octave)$;B-Acoustic Parameters (1/3 Octave)
                                                                          • API String ID: 0-3616783082
                                                                          • Opcode ID: 17f5f592b7da634751dda7097505a7b745e11aa8074e6c46cae6a4e6aac31265
                                                                          • Instruction ID: bad19436161250a81f1e4411031e8d76fdf818a352f0a274f89561c54a2a25ce
                                                                          • Opcode Fuzzy Hash: 17f5f592b7da634751dda7097505a7b745e11aa8074e6c46cae6a4e6aac31265
                                                                          • Instruction Fuzzy Hash: 3A61A0312087854AD328DA29C855BEFBBD5BBC4320F144B2DF4AA972D1DFB49A09C652
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4160697580.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000008.00000002.4160671373.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160860251.0000000000600000.00000008.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000647000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.000000000064C000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000654000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000676000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000678000.00000040.00000001.01000000.00000005.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_400000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: (*.txt)|*.txt|$DDPArrayReport1$export$txt
                                                                          • API String ID: 0-1733485200
                                                                          • Opcode ID: cb89ab771b3e1c4a023eb9884ae4860c68cc98e2c4b170f8a8256d96d136beb8
                                                                          • Instruction ID: de02577a9fe4fe4b3de598135281cb12b1d897558aaa14e6746c1dde17832cde
                                                                          • Opcode Fuzzy Hash: cb89ab771b3e1c4a023eb9884ae4860c68cc98e2c4b170f8a8256d96d136beb8
                                                                          • Instruction Fuzzy Hash: 91318B701487C2AED32AEB21C846BAEBBDCBFD4704F04991DB1D9422D2DB745649CB23
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.4160697580.0000000000401000.00000080.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000008.00000002.4160671373.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160860251.0000000000600000.00000008.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000647000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.000000000064C000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000654000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000676000.00000040.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000008.00000002.4160902242.0000000000678000.00000040.00000001.01000000.00000005.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_400000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: (*.txt)|*.txt|$DDPreport1$export$txt
                                                                          • API String ID: 0-3929571699
                                                                          • Opcode ID: 5ecdf9e803aea2cefc0ab2f93231f9518a00d4639a236ecf27ded7a9b1ecbc6c
                                                                          • Instruction ID: 2a06922c0f32d00575376a3dfee4fc51c3dc7a10b0c3974beb8195fd6cfb57e1
                                                                          • Opcode Fuzzy Hash: 5ecdf9e803aea2cefc0ab2f93231f9518a00d4639a236ecf27ded7a9b1ecbc6c
                                                                          • Instruction Fuzzy Hash: B1318C341487C2AED329EB11C846BAABBDCBBD4704F44591DB1D9422D2CBB45648CB23

                                                                          Execution Graph

                                                                          Execution Coverage:1.2%
                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                          Signature Coverage:0%
                                                                          Total number of Nodes:1041
                                                                          Total number of Limit Nodes:27
66610->66611 66611->66611 66612->66310 66613->66311 66615->66317 66617 6c9d5640 66616->66617 66618 6c9d5642 IsProcessorFeaturePresent 66616->66618 66617->66324 66620 6c9d5857 66618->66620 66623 6c9d581b SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 66620->66623 66622 6c9d593a 66622->66324 66623->66622 66625 6c9d15a0 66624->66625 66626 6c9d157c BuildCatchObjectHelperInternal 66624->66626 66625->66626 66628 6c9d1502 28 API calls 2 library calls 66625->66628 66626->66328 66628->66626 66629->66347 66630->66351 66632 6c9d1e1f 50 API calls 66631->66632 66633 6c9d3256 66632->66633 66633->66379 66634->66383 66635->66375 66637 6c9d1e2c ___scrt_fastfail 66636->66637 66644 6c9d137c 66637->66644 66640 6c9d15b6 28 API calls 66641 6c9d1e87 66640->66641 66642 6c9d5637 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 66641->66642 66643 6c9d1e95 66642->66643 66643->66389 66645 6c9d1394 ___scrt_initialize_default_local_stdio_options 66644->66645 66648 6c9db8c1 66645->66648 66651 6c9da49b 66648->66651 66652 6c9da4bf 66651->66652 66653 6c9da4a7 66651->66653 66656 6c9da4d0 66652->66656 66659 6c9da4f3 66652->66659 66681 6c9e0f46 20 API calls _abort 66653->66681 66655 6c9da4ac 66682 6c9da3a9 26 API calls _Deallocate 66655->66682 66660 6c9d139e 66656->66660 66691 6c9e0f46 20 API calls _abort 66656->66691 66683 6c9e0f46 20 API calls _abort 66659->66683 66660->66640 66662 6c9da4f8 66663 6c9da505 66662->66663 66664 6c9da532 66662->66664 66684 6c9da59f 48 API calls 4 library calls 66663->66684 66687 6c9da59f 48 API calls 4 library calls 66664->66687 66668 6c9da517 66670 6c9da56c 66668->66670 66671 6c9da51f 66668->66671 66669 6c9da544 66669->66670 66673 6c9da556 66669->66673 66670->66660 66690 6c9e0f46 20 API calls _abort 66670->66690 66685 6c9e0f46 20 API calls _abort 66671->66685 66688 6c9e0f46 20 API calls _abort 66673->66688 66674 6c9da524 66674->66660 66686 6c9e0f46 20 API calls _abort 66674->66686 66676 6c9da55b 66676->66660 
66689 6c9e0f46 20 API calls _abort 66676->66689 66678 6c9da57d 66692 6c9da3a9 26 API calls _Deallocate 66678->66692 66681->66655 66682->66660 66683->66662 66684->66668 66685->66674 66686->66660 66687->66669 66688->66676 66689->66660 66690->66678 66691->66678 66692->66660 66693->66527 66696 6c9d38c5 __EH_prolog3_GS 66694->66696 66695 6c9d195a 2 API calls 66695->66696 66696->66695 66700 6c9d38e0 66696->66700 66697 6c9d3a68 66698 6c9d5ff7 5 API calls 66697->66698 66699 6c9d38b1 66698->66699 66699->66264 66700->66697 66701 6c9d1999 2 API calls 66700->66701 66702 6c9d3a6e 30 API calls 66700->66702 66703 6c9d13fa 28 API calls 66700->66703 66704 6c9d189c 27 API calls 66700->66704 66705 6c9d1060 26 API calls 66700->66705 66706 6c9d3a16 GetDlgItem 66700->66706 66701->66700 66702->66700 66703->66700 66704->66700 66705->66700 66712 6c9d1a8d 66706->66712 66708->66515 66709->66534 66710->66535 66711->66523 66713 6c9d1ab5 66712->66713 66714 6c9d1b60 66712->66714 66715 6c9d1ab9 66713->66715 66716 6c9d1ada GetClientRect SendMessageA 66713->66716 66731 6c9d1149 50 API calls __EH_prolog3_GS 66714->66731 66729 6c9d1149 50 API calls __EH_prolog3_GS 66715->66729 66719 6c9d1b37 SendMessageA 66716->66719 66720 6c9d1b23 66716->66720 66722 6c9d5637 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 66719->66722 66730 6c9d12ab 30 API calls __EH_prolog3_GS 66720->66730 66725 6c9d1b5a 66722->66725 66724 6c9d1ac9 66732 6c9d89cd RaiseException 66724->66732 66725->66700 66726 6c9d1b80 66733 6c9d17b2 28 API calls 2 library calls 66726->66733 66728 6c9d1b93 66728->66700 66729->66724 66730->66724 66731->66724 66732->66726 66733->66728 66734->66561 66736 6c9d419d 66735->66736 66737 6c9d29c1 66735->66737 66736->66737 66738 6c9d41a6 GetDlgItem SendMessageA 66736->66738 66737->66131 66738->66737 66739 6c9d41c9 66738->66739 66739->66737 66740->66585 66741 6c9d4cf0 66742 6c9d4cf9 66741->66742 66747 6c9d4d49 66741->66747 66743 6c9d4d05 lstrlen 66742->66743 66744 6c9d4d4c DialogBoxParamA 
66743->66744 66745 6c9d4d1a lstrlen 66743->66745 66744->66747 66745->66744 66746 6c9d4d2f 66745->66746 66750 6c9d2382 59 API calls 66746->66750 66749 6c9d4d45 66749->66747 66750->66749 66751 6cf6c478 66752 6cf6c493 66751->66752 66777 6cf6bed4 66752->66777 66778 6cf6bedd 66777->66778 66779 6cf6bf60 66778->66779 66793 6ce981fc 12 API calls 66778->66793 66795 6cf6c850 66779->66795 66781 6cf6bf39 66794 6ceb9254 75 API calls 66781->66794 66786 6cf6bf7c 66799 6cf6b4c0 21 API calls 66786->66799 66788 6cf6bfb7 66800 6ce9a278 11 API calls 66788->66800 66790 6cf6bfd1 66801 6ce9a2e8 SysFreeString 66790->66801 66792 6cf6bfe6 66793->66781 66796 6cf6c857 66795->66796 66797 6cf6c85c 66795->66797 66802 6cf6c834 77 API calls 66796->66802 66797->66786 66799->66788 66800->66790 66801->66792 66802->66797 66803 6cf6e768 66804 6cf6e786 66803->66804 66805 6cf6e799 66803->66805 66811 6cf6dbec 66804->66811 66807 6ce9a218 11 API calls 66805->66807 66809 6cf6e7b8 66807->66809 66808 6cf6e78e 66810 6cf6dd14 79 API calls 66808->66810 66810->66805 66812 6ce9adf0 11 API calls 66811->66812 66814 6cf6dc16 66812->66814 66813 6cf6dc28 GetModuleFileNameW 66813->66814 66814->66813 66815 6cf6dc67 66814->66815 66818 6ce9adf0 11 API calls 66814->66818 66816 6ce9adf0 11 API calls 66815->66816 66817 6cf6dc71 66816->66817 66825 6cf6da64 66817->66825 66818->66814 66826 6cf6da91 66825->66826 66827 6cf6daf3 66826->66827 66828 6cf6daa8 66826->66828 66829 6ce9a218 11 API calls 66827->66829 66830 6cf6dab4 GetLongPathNameW 66828->66830 66838 6cf6dafa 66829->66838 66831 6ce9adf0 11 API calls 66830->66831 66835 6cf6dac4 66831->66835 66832 6cf6db09 FindFirstFileW 66833 6cf6db16 66832->66833 66832->66838 66834 6ce9a218 11 API calls 66833->66834 66836 6cf6db1d 66834->66836 66839 6cf6dade GetLongPathNameW 66835->66839 66840 6cf6daee 66836->66840 66854 6ceb2478 11 API calls 66836->66854 66838->66832 66838->66836 66848 6ce9a650 11 API calls 66838->66848 66852 6ce9af54 11 API calls 66838->66852 66853 6ceb2388 11 API calls 
66838->66853 66842 6ce9adf0 11 API calls 66839->66842 66855 6ce9a278 11 API calls 66840->66855 66842->66840 66845 6cf6dbc2 66847 6ce9a218 11 API calls 66845->66847 66846 6cf6db96 66849 6ce9aecc 11 API calls 66846->66849 66850 6cf6dbca 66847->66850 66851 6cf6db6a FindClose 66848->66851 66849->66840 66851->66838 66853->66838 66854->66846 66855->66845
                                                                          APIs
                                                                          • __EH_prolog3_GS.LIBCMT ref: 6C9D2451
                                                                          • EndDialog.USER32(?,00000000), ref: 6C9D2599
                                                                            • Part of subcall function 6C9D423F: lstrlen.KERNEL32(02679235,6C9D3EC8), ref: 6C9D424A
                                                                          • GetDlgItem.USER32(000055F6), ref: 6C9D24CA
                                                                          • GetDlgItem.USER32(000055F0), ref: 6C9D24E8
                                                                          • GetDlgItem.USER32(000055F1), ref: 6C9D24F9
                                                                          • GetDlgItem.USER32(000055F4), ref: 6C9D250A
                                                                          • IsWindowEnabled.USER32(00000000), ref: 6C9D250D
                                                                          • GetDlgItem.USER32(000055F4), ref: 6C9D2522
                                                                          • GetDlgItem.USER32(000055F5), ref: 6C9D2533
                                                                          • IsWindowEnabled.USER32(00000000), ref: 6C9D2536
                                                                          • GetDlgItem.USER32(000055F5), ref: 6C9D254F
                                                                            • Part of subcall function 6C9D1708: IsDlgButtonChecked.USER32(?), ref: 6C9D1714
                                                                          • KillTimer.USER32(?,000003E8,000055FD), ref: 6C9D25C4
                                                                          • GetDlgItemInt.USER32(0000560E,00000000,00000000), ref: 6C9D2741
                                                                          • GetDlgItem.USER32(0000560E,0000560E), ref: 6C9D2769
                                                                          • GetDlgItem.USER32(00005612), ref: 6C9D27C8
                                                                          • SetFocus.USER32(00000000), ref: 6C9D27CF
                                                                            • Part of subcall function 6C9D111E: _Deallocate.LIBCONCRT ref: 6C9D112D
                                                                          • lstrcpy.KERNEL32(0066174E,?), ref: 6C9D27F9
                                                                          • lstrcpy.KERNEL32(00661764,?), ref: 6C9D2898
                                                                          • SetFocus.USER32(00000000), ref: 6C9D2770
                                                                            • Part of subcall function 6C9D4288: __EH_prolog3_GS.LIBCMT ref: 6C9D428F
                                                                            • Part of subcall function 6C9D4288: lstrcpy.KERNEL32(00661867,?), ref: 6C9D43DE
                                                                            • Part of subcall function 6C9D1809: GetDlgItemTextA.USER32(000204D4,00000400,00000000,000055F1), ref: 6C9D185B
                                                                            • Part of subcall function 6C9D2054: __EH_prolog3.LIBCMT ref: 6C9D205B
                                                                          • KiUserCallbackDispatcher.NTDLL ref: 6C9D2C2F
                                                                          • KillTimer.USER32(?,000003E8), ref: 6C9D3158
                                                                          Memory Dump Source
                                                                          • Source File: 0000000A.00000002.4164513072.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_10_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: Item$lstrcpy$EnabledFocusH_prolog3_KillTimerWindow$ButtonCallbackCheckedDeallocateDialogDispatcherH_prolog3TextUserlstrlen
                                                                          • String ID:
                                                                          • API String ID: 842316870-0
                                                                          • Opcode ID: 12388554f0c60edf7754b961e9b2a11c879834d7651466b610bf09aa61ce3532
                                                                          • Instruction ID: 39126c6fbe9267d419ad8423903473fa9b42298045740ac3c6dd7711aef49680
                                                                          • Opcode Fuzzy Hash: 12388554f0c60edf7754b961e9b2a11c879834d7651466b610bf09aa61ce3532
                                                                          • Instruction Fuzzy Hash: 4962F7B2A04E446AEB01DF74DC48BEE37B9AB23719F168064E0107BB91C775FA49CB51

                                                                          Control-flow Graph

                                                                          APIs
                                                                          • GetLongPathNameW.KERNEL32(00000000,00000000,00000000), ref: 6CF6DAB5
                                                                          • GetLongPathNameW.KERNEL32(00000000,00000000,02C44FC9), ref: 6CF6DADF
                                                                          • FindFirstFileW.KERNEL32(00000000,?,00000000,6CF6DBCD,?,?,02C44FC9,?,?,6CF6DC7B,6CE90000,00000000,02C44FC9,00000000,6CF6DCA3), ref: 6CF6DB0A
                                                                          • FindClose.KERNEL32(00000000,?,?,6CF6DBE8,00000000,?,00000000,6CF6DBCD,?,?,02C44FC9,?,?,6CF6DC7B,6CE90000,00000000), ref: 6CF6DB6B
                                                                          Memory Dump Source
                                                                          • Source File: 0000000A.00000002.4164831084.000000006CE94000.00000080.00000001.01000000.0000000C.sdmp, Offset: 6CE90000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_10_2_6ce90000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: FindLongNamePath$CloseFileFirst
                                                                          • String ID:
                                                                          • API String ID: 646707308-0
                                                                          • Opcode ID: 1405cf12b0ad44f9ce8837404263e63a3548308a625acce147fa52040688410a
                                                                          • Instruction ID: 5e9ac4a3d94446d5db611ede866b998d3c77e84fa0d6643d762faf5e944b46bc
                                                                          • Opcode Fuzzy Hash: 1405cf12b0ad44f9ce8837404263e63a3548308a625acce147fa52040688410a
                                                                          • Instruction Fuzzy Hash: 3A418F30E44618AFCB11DF68CD84BDEB3B9AF49719F3005A8E404E7B54DB309E899B55
                                                                          APIs
                                                                          • GetUserDefaultUILanguage.KERNEL32(00000003,?,00000004,00000000,6CE9E912,?,?), ref: 6CE9E882
                                                                          • GetLocaleInfoW.KERNEL32(?,00000003,?,00000004,00000000,6CE9E912,?,?), ref: 6CE9E88B
                                                                            • Part of subcall function 6CE9E6FC: FindFirstFileW.KERNEL32(00000000,?,00000000,6CE9E75C,?,?), ref: 6CE9E72F
                                                                            • Part of subcall function 6CE9E6FC: FindClose.KERNEL32(00000000,00000000,?,00000000,6CE9E75C,?,?), ref: 6CE9E73F
                                                                          Memory Dump Source
                                                                          • Source File: 0000000A.00000002.4164831084.000000006CE94000.00000080.00000001.01000000.0000000C.sdmp, Offset: 6CE90000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_10_2_6ce90000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: Find$CloseDefaultFileFirstInfoLanguageLocaleUser
                                                                          • String ID:
                                                                          • API String ID: 3216391948-0
                                                                          • Opcode ID: a4dfea0307b9be04d342a848a5a9a648efaa1a8c411ba74c0a392e175dbd1f1a
                                                                          • Instruction ID: ae1ea9c4768f293cf0914488316db9a78a2e7fee6fee586ea15ed0a60d0434fe
                                                                          • Opcode Fuzzy Hash: a4dfea0307b9be04d342a848a5a9a648efaa1a8c411ba74c0a392e175dbd1f1a
                                                                          • Instruction Fuzzy Hash: 00117F70E446099BDB04DBA4C880AEDB3B9EF48308F70497DE504E7B90DB306F0886A6
                                                                          APIs
                                                                          • FindFirstFileW.KERNEL32(00000000,?,00000000,6CE9E75C,?,?), ref: 6CE9E72F
                                                                          • FindClose.KERNEL32(00000000,00000000,?,00000000,6CE9E75C,?,?), ref: 6CE9E73F
                                                                          Memory Dump Source
                                                                          • Source File: 0000000A.00000002.4164831084.000000006CE94000.00000080.00000001.01000000.0000000C.sdmp, Offset: 6CE90000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_10_2_6ce90000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: Find$CloseFileFirst
                                                                          • String ID:
                                                                          • API String ID: 2295610775-0
                                                                          • Opcode ID: b2fa314ce26db79e8299c01e9a367a29ccbafb5bb1f1b4bfb74a18e086b37900
                                                                          • Instruction ID: 90410f49604c2fd8075da69015ebb08e226bdf4e35bdac2407a913cd32c14338
                                                                          • Opcode Fuzzy Hash: b2fa314ce26db79e8299c01e9a367a29ccbafb5bb1f1b4bfb74a18e086b37900
                                                                          • Instruction Fuzzy Hash: EEF0E272944B08AFC710EB74CD9089EB7FCEB482187700AA5E500D3A40EB309E089561

                                                                          Control-flow Graph

                                                                          APIs
                                                                          • GetVersionExW.KERNEL32(0000011C), ref: 6CF761AC
                                                                          • GetNativeSystemInfo.KERNEL32(?,0000011C), ref: 6CF76211
                                                                          • RegOpenKeyExW.ADVAPI32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00020019,?,0000011C), ref: 6CF7626A
                                                                          • RegQueryValueExW.ADVAPI32(?,CurrentMajorVersionNumber,00000000,00000000,00000000,?,00000000,6CF76525,?,80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00020019,?,0000011C), ref: 6CF76298
                                                                          • RegQueryValueExW.ADVAPI32(?,CurrentMajorVersionNumber,00000000,00000000,?,00000004,?,CurrentMajorVersionNumber,00000000,00000000,00000000,?,00000000,6CF76525,?,80000002), ref: 6CF762BC
                                                                          • RegQueryValueExW.ADVAPI32(?,CurrentMinorVersionNumber,00000000,00000000,?,00000004,?,CurrentMajorVersionNumber,00000000,00000000,?,00000004,?,CurrentMajorVersionNumber,00000000,00000000), ref: 6CF762DE
                                                                          • RegQueryValueExW.ADVAPI32(?,CurrentVersion,00000000,00000000,00000000,?,?,CurrentMajorVersionNumber,00000000,00000000,00000000,?,00000000,6CF76525,?,80000002), ref: 6CF76303
                                                                          • RegQueryValueExW.ADVAPI32(?,CurrentVersion,00000000,00000000,00000000,00000002,00000000,6CF763FE,?,?,CurrentVersion,00000000,00000000,00000000,?,?), ref: 6CF7635C
                                                                          • RegQueryValueExW.ADVAPI32(?,CurrentBuild,00000000,00000000,00000000,?,?,CurrentVersion,00000000,00000000,00000000,?,?,CurrentMajorVersionNumber,00000000,00000000), ref: 6CF76418
                                                                          • RegQueryValueExW.ADVAPI32(?,CurrentBuild,00000000,00000000,00000000,00000002,00000000,6CF76505,?,?,CurrentBuild,00000000,00000000,00000000,?,?), ref: 6CF7646E
                                                                          • RegQueryValueExW.ADVAPI32(?,CurrentBuildNumber,00000000,00000000,00000000,00000002,?,CurrentBuild,00000000,00000000,00000000,00000002,00000000,6CF76505,?,?), ref: 6CF76495
                                                                          • RegQueryValueExW.ADVAPI32(?,CurrentBuildNumber,00000000,00000000,00000000,00000002,?,CurrentBuildNumber,00000000,00000000,00000000,00000002,?,CurrentBuild,00000000,00000000), ref: 6CF764CF
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 0000000A.00000002.4165014812.000000006CF76000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CE90000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_10_2_6ce90000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: QueryValue$InfoNativeOpenSystemVersion
                                                                          • String ID: CurrentBuild$CurrentBuildNumber$CurrentMajorVersionNumber$CurrentMinorVersionNumber$CurrentVersion$SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                                                          • API String ID: 3851673630-3493340660
                                                                          • Opcode ID: 50f0bfc659f35c6001f49a0c214500631a692a3e6da7470dabad8181fe0b0fb7
                                                                          • Instruction ID: effa00e8e84bcae255d2e57b79f08b9385b73ebd67de14a898e36d1575a0c828
                                                                          • Opcode Fuzzy Hash: 50f0bfc659f35c6001f49a0c214500631a692a3e6da7470dabad8181fe0b0fb7
                                                                          • Instruction Fuzzy Hash: E8E15971A142449FDBA1CFA4ED45B9E7BB9FB46318F20446BF400EBA40DB399906CB71

                                                                          Control-flow Graph

                                                                          APIs
                                                                          • GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,6CE9E540,?,?,?), ref: 6CE9E357
                                                                          • RegOpenKeyExW.ADVAPI32(80000001,Software\Embarcadero\Locales,00000000,00020019,?,00000000,6CE9E540,?,?,?), ref: 6CE9E3A0
                                                                          • RegOpenKeyExW.ADVAPI32(80000002,Software\Embarcadero\Locales,00000000,00020019,?,80000001,Software\Embarcadero\Locales,00000000,00020019,?,00000000,6CE9E540,?,?,?), ref: 6CE9E3C2
                                                                          • RegOpenKeyExW.ADVAPI32(80000001,Software\CodeGear\Locales,00000000,00020019,?,80000002,Software\Embarcadero\Locales,00000000,00020019,?,80000001,Software\Embarcadero\Locales,00000000,00020019,?,00000000), ref: 6CE9E3E0
                                                                          • RegOpenKeyExW.ADVAPI32(80000002,Software\CodeGear\Locales,00000000,00020019,?,80000001,Software\CodeGear\Locales,00000000,00020019,?,80000002,Software\Embarcadero\Locales,00000000,00020019,?,80000001), ref: 6CE9E3FE
                                                                          • RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Locales,00000000,00020019,?,80000002,Software\CodeGear\Locales,00000000,00020019,?,80000001,Software\CodeGear\Locales,00000000,00020019,?,80000002), ref: 6CE9E41C
                                                                          • RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,00020019,?,80000001,Software\Borland\Locales,00000000,00020019,?,80000002,Software\CodeGear\Locales,00000000,00020019,?,80000001), ref: 6CE9E43A
                                                                          • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,00000000,?,00000000,6CE9E51C,?,80000001,Software\Embarcadero\Locales,00000000,00020019,?,00000000,6CE9E540), ref: 6CE9E474
                                                                          • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,?,00000000,6CE9E51C,?,80000001), ref: 6CE9E499
                                                                          • RegCloseKey.ADVAPI32(?,6CE9E523,00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,6CE9E51C,?,80000001,Software\Embarcadero\Locales), ref: 6CE9E514
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 0000000A.00000002.4164831084.000000006CE94000.00000080.00000001.01000000.0000000C.sdmp, Offset: 6CE90000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_10_2_6ce90000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: Open$QueryValue$CloseFileModuleName
                                                                          • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales$Software\CodeGear\Locales$Software\Embarcadero\Locales
                                                                          • API String ID: 2701450724-3496071916
                                                                          • Opcode ID: 37e7e52df80ae41c880e54190efdb48c2cb636279f14303c068fbee21e4d4ae0
                                                                          • Instruction ID: b2a7343a50e08537f1cee947032e16561aadb65f70d445b56ca07ea619648f20
                                                                          • Opcode Fuzzy Hash: 37e7e52df80ae41c880e54190efdb48c2cb636279f14303c068fbee21e4d4ae0
                                                                          • Instruction Fuzzy Hash: 99512771A4061DBEEB10C6A4CC41FEE73BCEB04708F704959FA14F7A81E774AA448A95

                                                                          Control-flow Graph

                                                                          APIs
                                                                          • GetClientRect.USER32(?,?), ref: 6C9D1B02
                                                                          • SendMessageA.USER32(00000404,00000000,00000030), ref: 6C9D1B19
                                                                            • Part of subcall function 6C9D1149: __EH_prolog3_GS.LIBCMT ref: 6C9D1150
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 0000000A.00000002.4164513072.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_10_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: ClientH_prolog3_MessageRectSend
                                                                          • String ID: 0$Tooltip control exception (%s)$Tooltip control not created!
                                                                          • API String ID: 1416056304-684261864
                                                                          • Opcode ID: b9195c515a27f696bce99498aa2c7fd11b6c7d82c6c794c191838fced39d37ca
                                                                          • Instruction ID: cb219e240b7f581b6e98345a07bce61afc298dc3d6a8a53bd7f61613cbafca9d
                                                                          • Opcode Fuzzy Hash: b9195c515a27f696bce99498aa2c7fd11b6c7d82c6c794c191838fced39d37ca
                                                                          • Instruction Fuzzy Hash: 0321F2B2108304AFC704DF60D805E8ABBF8FBE6764F10891DF561A7650E770E204CB96

                                                                          Control-flow Graph

                                                                          APIs
                                                                            • Part of subcall function 6C9D195A: ShowWindow.USER32(00000000,6C9D3FC7,00000000,?,6C9D33C9,0000560D,?,?,?,6C9D3FC7,00005603), ref: 6C9D196D
                                                                            • Part of subcall function 6C9D1999: ShowWindow.USER32(00000000,6C9D3FC7,00000005,?,6C9D33E4,0000560D,?,6C9FD7E0), ref: 6C9D19AC
                                                                          • GetDlgItem.USER32(0000560D,0000014B), ref: 6C9D33FA
                                                                          • SendMessageA.USER32(00000000,?,6C9FD7E0), ref: 6C9D3403
                                                                          • GetDlgItem.USER32(0000560D), ref: 6C9D3420
                                                                          • SendMessageA.USER32(00000000,00000143,00000000,026789E9), ref: 6C9D3439
                                                                          • GetDlgItem.USER32(0000560D), ref: 6C9D345F
                                                                          • SendMessageA.USER32(00000000,0000014E,00000000,00000000), ref: 6C9D3474
                                                                          Memory Dump Source
                                                                          • Source File: 0000000A.00000002.4164513072.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_10_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: ItemMessageSend$ShowWindow
                                                                          • String ID:
                                                                          • API String ID: 2117610553-0
                                                                          • Opcode ID: 335a0126d7f5899e0524563c549f523d09e02a36946199408ae4b80e504bddc7
                                                                          • Instruction ID: 29e6c61601ee3e269e9e2aa15c49b345b0302bbcbcb190795c1d1e6dfc50642f
                                                                          • Opcode Fuzzy Hash: 335a0126d7f5899e0524563c549f523d09e02a36946199408ae4b80e504bddc7
                                                                          • Instruction Fuzzy Hash: ED110AB2B08608BFEB059F58EC94C6B377CFF52709B254079F10567390C276BD008A90

                                                                          Control-flow Graph

                                                                          APIs
                                                                          • lstrlen.KERNEL32(02679235), ref: 6C9D4D10
                                                                          • lstrlen.KERNEL32(0267921F), ref: 6C9D4D25
                                                                            • Part of subcall function 6C9D2382: LoadLibraryA.KERNEL32(02679235,?,?,?,?,?,6C9D4D45), ref: 6C9D2398
                                                                          • DialogBoxParamA.USER32(REMOTEDLG,6C9D2447,00000000), ref: 6C9D4D64
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 0000000A.00000002.4164513072.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_10_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: lstrlen$DialogLibraryLoadParam
                                                                          • String ID: REMOTEDLG
                                                                          • API String ID: 1143393034-2730241525
                                                                          • Opcode ID: 258478d86190af3350e028b0d2850f6ef17f90ff69efea887298ad35d0782648
                                                                          • Instruction ID: 511791cf021f1ee5a1cf538cbd9f024f758c123b5c74570d5355c6c2a757dbac
                                                                          • Opcode Fuzzy Hash: 258478d86190af3350e028b0d2850f6ef17f90ff69efea887298ad35d0782648
                                                                          • Instruction Fuzzy Hash: 95F06DB230C6409FEF05AF61EC18B503A79EBA7A0AF258464A464AF7A0CB35F415DB10

                                                                          Control-flow Graph

                                                                          APIs
                                                                          • GetModuleHandleA.KERNEL32(00000000,00000000,?,6C9D2C2A,00000000,00000000,?), ref: 6C9D1A53
                                                                          • CreateWindowExA.USER32(00000000,tooltips_class32,00000000,80000042,80000000,80000000,80000000,80000000,00000000,00000000,00000000), ref: 6C9D1A71
                                                                          • SetWindowPos.USER32(00000000,000000FF,00000000,00000000,00000000,00000000,00000013), ref: 6C9D1A85
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 0000000A.00000002.4164513072.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_10_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: Window$CreateHandleModule
                                                                          • String ID: tooltips_class32
                                                                          • API String ID: 1084761317-1918224756
                                                                          • Opcode ID: 339c95deb218c2f72da4ddf50f6168cfccf8e30979525029868013ff524131f2
                                                                          • Instruction ID: 483dea1c3db3859cb5ca0995500589a8cf93a3b4b454759fef97a994b338653a
                                                                          • Opcode Fuzzy Hash: 339c95deb218c2f72da4ddf50f6168cfccf8e30979525029868013ff524131f2
                                                                          • Instruction Fuzzy Hash: BEE0BFB260A531BEEBB45A666C0CFE73D7CEF5B7B1F614209B918E5281C6244901CBF4

                                                                          Control-flow Graph

                                                                          APIs
                                                                          • GetCurrentThreadId.KERNEL32 ref: 6CE99C1F
                                                                          Memory Dump Source
                                                                          • Source File: 0000000A.00000002.4164831084.000000006CE94000.00000080.00000001.01000000.0000000C.sdmp, Offset: 6CE90000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_10_2_6ce90000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: CurrentThread
                                                                          • String ID:
                                                                          • API String ID: 2882836952-0
                                                                          • Opcode ID: 64752304ab782117d38431ed1fdb007f0ca2cb2d1e9c114707b3710fd05c4109
                                                                          • Instruction ID: c246734800d176cd9615568656c714061cf28f0f963c20a6e8a7e30675949b3e
                                                                          • Opcode Fuzzy Hash: 64752304ab782117d38431ed1fdb007f0ca2cb2d1e9c114707b3710fd05c4109
                                                                          • Instruction Fuzzy Hash: D651AF70A003408FDB21DF69D48879ABBF5AF0931CF34466ED80A8BB40D774D888CBA5

                                                                          Control-flow Graph

                                                                          APIs
                                                                          • CreateFileW.KERNEL32(000B0BA8,80000000,00000001,00000000,00000003,00000080,00000000,?,?,?,?,?,?,?,?,6CE93434), ref: 6CE93111
                                                                          • SetFilePointerEx.KERNEL32(000000FF,?,?,00000000,00000000,?,?,?,?,?,?,?,?,6CE93434,6CE9101B), ref: 6CE93139
                                                                          Memory Dump Source
                                                                          • Source File: 0000000A.00000002.4164793629.000000006CE91000.00000040.00000001.01000000.0000000C.sdmp, Offset: 6CE90000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_10_2_6ce90000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: File$CreatePointer
                                                                          • String ID:
                                                                          • API String ID: 2024441833-0
                                                                          • Opcode ID: cffe112ed152054d50af006d6e2f6962ce3fa32c0a50d98b2131db173376ecd5
                                                                          • Instruction ID: e12719af0fd437ef3414c3edeeef5f76921b09dc0983a3eaa7085f553bd7a169
                                                                          • Opcode Fuzzy Hash: cffe112ed152054d50af006d6e2f6962ce3fa32c0a50d98b2131db173376ecd5
                                                                          • Instruction Fuzzy Hash: 8E31E3B1D04209BEEF019FA4DC0AAEDBBB1EF08314F204069F525B55A0EB725A509B58

                                                                          Control-flow Graph

                                                                          APIs
                                                                          • __EH_prolog3_GS.LIBCMT ref: 6C9D31C9
                                                                            • Part of subcall function 6C9D15B6: _strlen.LIBCMT ref: 6C9D15CD
                                                                            • Part of subcall function 6C9D189C: SetDlgItemTextA.USER32(6C9D3FC2,?), ref: 6C9D18B4
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 0000000A.00000002.4164513072.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_10_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: H_prolog3_ItemText_strlen
                                                                          • String ID: %s-%s$N/A
                                                                          • API String ID: 3336728777-224051775
                                                                          • Opcode ID: 6562ab2283d1fb9c5060f174fef40c729be5a233f94664af30bb39668a2e22aa
                                                                          • Instruction ID: eca54f037ed32d8f7f39a8b405957622e9ed4ed4d0bb2cdd844d7535400532a7
                                                                          • Opcode Fuzzy Hash: 6562ab2283d1fb9c5060f174fef40c729be5a233f94664af30bb39668a2e22aa
                                                                          • Instruction Fuzzy Hash: 6421B762A00E0056D704FB788C16AFD76219B72369F82C198D5027FFC1DF55FA888BD2

                                                                          Control-flow Graph

                                                                          [Control-flow graph (image not preserved; legend: Executed / Not Executed). First block 6ce9223b-6ce9227a; labelled calls: GetModuleHandleA, LoadLibraryA, GetProcAddress]
                                                                          APIs
                                                                          • GetModuleHandleA.KERNEL32(?), ref: 6CE922CD
                                                                          • LoadLibraryA.KERNEL32(?), ref: 6CE922DC
                                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 6CE92376
                                                                          Memory Dump Source
                                                                          • Source File: 0000000A.00000002.4164793629.000000006CE91000.00000040.00000001.01000000.0000000C.sdmp, Offset: 6CE90000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_10_2_6ce90000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: AddressHandleLibraryLoadModuleProc
                                                                          • String ID:
                                                                          • API String ID: 310444273-0
                                                                          • Opcode ID: 13e88093eca7a74e6f7e2843363ae382f0f6a81123a7ee47207706172e7ec647
                                                                          • Instruction ID: f8fce0d6c33c389a289d42137dea6909c0612d42d22b8db2adf8efd14d6f6fc6
                                                                          • Opcode Fuzzy Hash: 13e88093eca7a74e6f7e2843363ae382f0f6a81123a7ee47207706172e7ec647
                                                                          • Instruction Fuzzy Hash: 6F51A274D0420AEFDF04CF98C888BADBBB1BF19309F208099E511AB791C7759A95CF50

                                                                          Control-flow Graph

                                                                          APIs
                                                                          • VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 6CE9109E
                                                                          • VirtualProtect.KERNEL32(?,?,?,?), ref: 6CE9115C
                                                                          Memory Dump Source
                                                                          • Source File: 0000000A.00000002.4164793629.000000006CE91000.00000040.00000001.01000000.0000000C.sdmp, Offset: 6CE90000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_10_2_6ce90000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: Virtual$AllocProtect
                                                                          • String ID:
                                                                          • API String ID: 2447062925-0
                                                                          • Opcode ID: c6e7cc97e81635be556d2c23620734c33a15422d9a2dbd70c89cb6f212da5ea0
                                                                          • Instruction ID: d490734126c7ea4d92d19e476fd7c0980afc28972924d5e2586a2fb7398cd012
                                                                          • Opcode Fuzzy Hash: c6e7cc97e81635be556d2c23620734c33a15422d9a2dbd70c89cb6f212da5ea0
                                                                          • Instruction Fuzzy Hash: 5751DFB1D00208AFDF05DFE5D885AEDFBB5BF08315F20806AE514BA6A0D7359A95CF50

                                                                          Control-flow Graph

                                                                          APIs
                                                                          • __EH_prolog3_GS.LIBCMT ref: 6C9D38C0
                                                                            • Part of subcall function 6C9D195A: ShowWindow.USER32(00000000,6C9D3FC7,00000000,?,6C9D33C9,0000560D,?,?,?,6C9D3FC7,00005603), ref: 6C9D196D
                                                                          • GetDlgItem.USER32(00000000,00000000), ref: 6C9D3A24
                                                                          Memory Dump Source
                                                                          • Source File: 0000000A.00000002.4164513072.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_10_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: H_prolog3_ItemShowWindow
                                                                          • String ID:
                                                                          • API String ID: 2355008015-0
                                                                          • Opcode ID: 1f1f754afe82a746cc742148ca953b6e6404bac624be914810a24304960f19a6
                                                                          • Instruction ID: 592d8712b3ed24f467e4d8ae297f44e7b27298ddfc9af751867ce801e3587159
                                                                          • Opcode Fuzzy Hash: 1f1f754afe82a746cc742148ca953b6e6404bac624be914810a24304960f19a6
                                                                          • Instruction Fuzzy Hash: C541B172A45524DBEB188F28DC54BE87B70BB62314F1681E9D419BBBA0C732EE45CF40

                                                                          Control-flow Graph

                                                                          [Control-flow graph (image not preserved; legend: Executed / Not Executed). First block 6ce9e920-6ce9e962; labelled calls: GetUserDefaultUILanguage, GetSystemDefaultUILanguage]
                                                                          APIs
                                                                          • GetUserDefaultUILanguage.KERNEL32(00000000,6CE9EA37,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,6CE9EABE,00000000,?,00000105), ref: 6CE9E9C9
                                                                          • GetSystemDefaultUILanguage.KERNEL32(00000000,6CE9EA37,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,6CE9EABE,00000000,?,00000105), ref: 6CE9E9F1
                                                                          Memory Dump Source
                                                                          • Source File: 0000000A.00000002.4164831084.000000006CE94000.00000080.00000001.01000000.0000000C.sdmp, Offset: 6CE90000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_10_2_6ce90000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: DefaultLanguage$SystemUser
                                                                          • String ID:
                                                                          • API String ID: 384301227-0
                                                                          • Opcode ID: 766738458da44a30d4c1d0485a8f485793b398ded7d74e4bc1f885d42e7d58dc
                                                                          • Instruction ID: 63ac7bf3c97556180353dac5868b251a7306b6e10951a187bb91c365aeb4e234
                                                                          • Opcode Fuzzy Hash: 766738458da44a30d4c1d0485a8f485793b398ded7d74e4bc1f885d42e7d58dc
                                                                          • Instruction Fuzzy Hash: 1F312D30E10A199FDB10DB98C881BEEB7B5FF45308F304569D510A7B60DBB09E49CAD2
                                                                          APIs
                                                                          • GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,6CE9EB00,?,6CE90000,6CF77C24), ref: 6CE9EA80
                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000002,00000000,?,00000105,00000000,6CE9EB00,?,6CE90000,6CF77C24), ref: 6CE9EAD1
                                                                          Memory Dump Source
                                                                          • Source File: 0000000A.00000002.4164831084.000000006CE94000.00000080.00000001.01000000.0000000C.sdmp, Offset: 6CE90000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_10_2_6ce90000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: FileLibraryLoadModuleName
                                                                          • String ID:
                                                                          • API String ID: 1159719554-0
                                                                          • Opcode ID: b36702f67f75b12d2507bbca26ddcfdb18608aa6fd0f58a2bbf1cd73d425d5ff
                                                                          • Instruction ID: b6b1040cca7b7d1dcd9c15f710b6985da9c20905d9ccc7c947ec1bb645a5c9ff
                                                                          • Opcode Fuzzy Hash: b36702f67f75b12d2507bbca26ddcfdb18608aa6fd0f58a2bbf1cd73d425d5ff
                                                                          • Instruction Fuzzy Hash: E6115471D8461C9BDB10DB60CD95BDDB3B8EF08304F2149A9E508E7790DB705F84CA95
                                                                          APIs
                                                                          • SetErrorMode.KERNEL32 ref: 6CEBC3C6
                                                                          • LoadLibraryW.KERNEL32(00000000,00000000,6CEBC412,?,00000000,6CEBC432), ref: 6CEBC3F5
                                                                          Memory Dump Source
                                                                          • Source File: 0000000A.00000002.4164831084.000000006CE94000.00000080.00000001.01000000.0000000C.sdmp, Offset: 6CE90000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_10_2_6ce90000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLibraryLoadMode
                                                                          • String ID:
                                                                          • API String ID: 2987862817-0
                                                                          • Opcode ID: c884944e4aa22538acb900f20d29f34daceb640048a21a578c57331dc6d7b5fe
                                                                          • Instruction ID: f9f19a656c0b4d4281038d6ebe3bb2ec60b29dfa22ba431b36aa348c4809f4a5
                                                                          • Opcode Fuzzy Hash: c884944e4aa22538acb900f20d29f34daceb640048a21a578c57331dc6d7b5fe
                                                                          • Instruction Fuzzy Hash: 8DF0EC70A08644BFD7129FB28D6187ABBBCEB0DA003A38CB4F800E2F00E6388D108520
                                                                          APIs
                                                                          • GetDlgItem.USER32(?), ref: 6C9D16EB
                                                                          • KiUserCallbackDispatcher.NTDLL(00000000,?), ref: 6C9D16F3
                                                                          Memory Dump Source
                                                                          • Source File: 0000000A.00000002.4164513072.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_10_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: CallbackDispatcherItemUser
                                                                          • String ID:
                                                                          • API String ID: 4250310104-0
                                                                          • Opcode ID: 9d56f91d5526c7459dc8c866dea8e93e532f0cb2c7e6db52845600ae9f378d71
                                                                          • Instruction ID: afcddf9843fe36578c9b5b06318d1352b23c90a88f1c4f4ae52e518a301b6b3a
                                                                          • Opcode Fuzzy Hash: 9d56f91d5526c7459dc8c866dea8e93e532f0cb2c7e6db52845600ae9f378d71
                                                                          • Instruction Fuzzy Hash: ABE04F33204214AFFB005EABEC84C97B7FCFFA66663548016F950D2110C621E9408760
                                                                          APIs
                                                                          • GetDlgItem.USER32(?,?), ref: 6C9D1916
                                                                          • KiUserCallbackDispatcher.NTDLL(00000000), ref: 6C9D191D
                                                                          Memory Dump Source
                                                                          • Source File: 0000000A.00000002.4164513072.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_10_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: CallbackDispatcherItemUser
                                                                          • String ID:
                                                                          • API String ID: 4250310104-0
                                                                          • Opcode ID: 86d92972b1bb0fb9d44c74afca17a60fbecc2fe72ebbd533b340399d868c6108
                                                                          • Instruction ID: 213fbadf25bc8a68fd2c619d9f827df0beafb93ffcbf302d9d43c5d7a7820cac
                                                                          • Opcode Fuzzy Hash: 86d92972b1bb0fb9d44c74afca17a60fbecc2fe72ebbd533b340399d868c6108
                                                                          • Instruction Fuzzy Hash: C3C00277118248BFEF452FA5E8088AA7FBDAF6E6117208051BA6585211C6369660AB60
                                                                          APIs
                                                                          • GetModuleFileNameW.KERNEL32(6CE90000,00000000,02C44FC9,00000000,6CF6DCA3,?,?,02C44FC8,00000001), ref: 6CF6DC2F
                                                                          Memory Dump Source
                                                                          • Source File: 0000000A.00000002.4164831084.000000006CE94000.00000080.00000001.01000000.0000000C.sdmp, Offset: 6CE90000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_10_2_6ce90000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: FileModuleName
                                                                          • String ID:
                                                                          • API String ID: 514040917-0
                                                                          • Opcode ID: 333753f3b583287dcbb7840d870e36c3047fb7f7b32c0b3f563d582beb6cd8b6
                                                                          • Instruction ID: 1f390a7c5377c3e987bf67bfea275d47daa852260e53ec5b9090889eeb728972
                                                                          • Opcode Fuzzy Hash: 333753f3b583287dcbb7840d870e36c3047fb7f7b32c0b3f563d582beb6cd8b6
                                                                          • Instruction Fuzzy Hash: 96218E71E01518EFCB01DF5AC880A8EB7F9EF89708B3084A8E414E7B14D770AE45CB90
                                                                          APIs
                                                                          • LCMapStringW.KERNEL32(00002000,01000100,00000000,?,00000000,?), ref: 6CEBEEC8
                                                                          Memory Dump Source
                                                                          • Source File: 0000000A.00000002.4164831084.000000006CE94000.00000080.00000001.01000000.0000000C.sdmp, Offset: 6CE90000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_10_2_6ce90000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: String
                                                                          • String ID:
                                                                          • API String ID: 2568140703-0
                                                                          • Opcode ID: c786390542c2c98258bbdc252f76ed549470af0bc085628b048e96bd083adf9f
                                                                          • Instruction ID: f0eeee76ef28191e00052b47da81baa5538cfad532f4070e35f678c5230e0aaf
                                                                          • Opcode Fuzzy Hash: c786390542c2c98258bbdc252f76ed549470af0bc085628b048e96bd083adf9f
                                                                          • Instruction Fuzzy Hash: 63011E35609611AFD311DF19C6C0A6EB7F8EF89628F20856CF994AB750C730AC45CBA2
                                                                          APIs
                                                                          • LoadTypeLibEx.OLEAUT32(00000000,00000002,00000000), ref: 6CF6DD4A
                                                                            • Part of subcall function 6CE9A260: SysFreeString.OLEAUT32(?), ref: 6CE9A26E
                                                                          Memory Dump Source
                                                                          • Source File: 0000000A.00000002.4164831084.000000006CE94000.00000080.00000001.01000000.0000000C.sdmp, Offset: 6CE90000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_10_2_6ce90000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: FreeLoadStringType
                                                                          • String ID:
                                                                          • API String ID: 1535477946-0
                                                                          • Opcode ID: 236eab4e7653ead463b530013cae8a664679a9806ddc6fe9348d3df3e3f86e4b
                                                                          • Instruction ID: c3c11961d3628377f19b7989ca97c936885176dd152725a08303cf66b2a917e4
                                                                          • Opcode Fuzzy Hash: 236eab4e7653ead463b530013cae8a664679a9806ddc6fe9348d3df3e3f86e4b
                                                                          • Instruction Fuzzy Hash: A6F08C30A48608AAE711EB66CD12A9E76ACDF49A08F714876E400D3F40DB25AE0891A5
                                                                          APIs
                                                                          • LCMapStringW.KERNEL32(00002000,01000100,00000000,?,00000000,?), ref: 6CEBEEC8
                                                                          Memory Dump Source
                                                                          • Source File: 0000000A.00000002.4164831084.000000006CE94000.00000080.00000001.01000000.0000000C.sdmp, Offset: 6CE90000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_10_2_6ce90000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: String
                                                                          • String ID:
                                                                          • API String ID: 2568140703-0
                                                                          • Opcode ID: 9322ce52ea2832141b6dbb203b0a7fcc40c8335763ad4c013fa2752c1e68ab94
                                                                          • Instruction ID: 6ce262aec2f6a27ecf16fbb4becf2c4d456677df3fc4dc36ba4569840cdaf6a2
                                                                          • Opcode Fuzzy Hash: 9322ce52ea2832141b6dbb203b0a7fcc40c8335763ad4c013fa2752c1e68ab94
                                                                          • Instruction Fuzzy Hash: 31E04F76648501AF6300D619DE85DBB73FCDF86369B2040ADF940FB714DB30A80A86A6
                                                                          APIs
                                                                          • GetModuleFileNameW.KERNEL32(6CE90000,?,00000105), ref: 6CE9D7AE
                                                                            • Part of subcall function 6CE9EA44: GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,6CE9EB00,?,6CE90000,6CF77C24), ref: 6CE9EA80
                                                                            • Part of subcall function 6CE9EA44: LoadLibraryExW.KERNEL32(00000000,00000000,00000002,00000000,?,00000105,00000000,6CE9EB00,?,6CE90000,6CF77C24), ref: 6CE9EAD1
                                                                          Memory Dump Source
                                                                          • Source File: 0000000A.00000002.4164831084.000000006CE94000.00000080.00000001.01000000.0000000C.sdmp, Offset: 6CE90000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_10_2_6ce90000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: FileModuleName$LibraryLoad
                                                                          • String ID:
                                                                          • API String ID: 4113206344-0
                                                                          • Opcode ID: 4c2e90f54ab9233cbab13b7b0330d78595d98c7e9b46490739ad1093331659aa
                                                                          • Instruction ID: fb770fa7304010ac06707b509984f511e6037171d679395c70c82c5af3d50c35
                                                                          • Opcode Fuzzy Hash: 4c2e90f54ab9233cbab13b7b0330d78595d98c7e9b46490739ad1093331659aa
                                                                          • Instruction Fuzzy Hash: 10E0ED75A017209FDB00CE6CC9C0E8677F4AB09758F144A55ED54CF356E371D91487D1
                                                                          APIs
                                                                          • GetFileAttributesW.KERNEL32(6CE933C8,?,?,6CE933C8,?), ref: 6CE931A9
                                                                          Memory Dump Source
                                                                          • Source File: 0000000A.00000002.4164793629.000000006CE91000.00000040.00000001.01000000.0000000C.sdmp, Offset: 6CE90000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_10_2_6ce90000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: AttributesFile
                                                                          • String ID:
                                                                          • API String ID: 3188754299-0
                                                                          • Opcode ID: 8995789e999a86265736a61bc07e58fa5ee5eae334195c99d1b69f2c638a264b
                                                                          • Instruction ID: c09ff068b6e49899abe2d03856a23ad2e6a58db8fe0aa79b501eb03ad817d703
                                                                          • Opcode Fuzzy Hash: 8995789e999a86265736a61bc07e58fa5ee5eae334195c99d1b69f2c638a264b
                                                                          • Instruction Fuzzy Hash: 65F015B1C08218EFEF009FA9D9096ACBBB0FB10318F208699D424A66A0E7715A458B44
                                                                          APIs
                                                                          • SetDlgItemTextA.USER32(6C9D3FC2,?), ref: 6C9D18B4
                                                                            • Part of subcall function 6C9D111E: _Deallocate.LIBCONCRT ref: 6C9D112D
                                                                          Memory Dump Source
                                                                          • Source File: 0000000A.00000002.4164513072.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_10_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: DeallocateItemText
                                                                          • String ID:
                                                                          • API String ID: 3295671248-0
                                                                          • Opcode ID: ddced73203507e9910fb926cf23a8c3457190ed58808e550467b6c0011809c7b
                                                                          • Instruction ID: 89b6978cd2042c7356aab8ab7eed6b82373980738581203d4d82eb1f7f1cc14b
                                                                          • Opcode Fuzzy Hash: ddced73203507e9910fb926cf23a8c3457190ed58808e550467b6c0011809c7b
                                                                          • Instruction Fuzzy Hash: D3D06C3220450DEBCF059E84E840CE937B8AB29324BA0C125BA294A521D731E6A4DB50
                                                                          APIs
                                                                          • SetWindowTextA.USER32(6C9D3F95), ref: 6C9D19EE
                                                                            • Part of subcall function 6C9D111E: _Deallocate.LIBCONCRT ref: 6C9D112D
                                                                          Memory Dump Source
                                                                          • Source File: 0000000A.00000002.4164513072.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_10_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: DeallocateTextWindow
                                                                          • String ID:
                                                                          • API String ID: 2658318031-0
                                                                          • Opcode ID: d151ebf8386fe3ea0a26d511638ae8817c6badc70aa06eda8afb6b5f44c340a9
                                                                          • Instruction ID: f1fa6803dfbe80e0ae15ca872fa42f8f5ddb2eaec1932f84bdb0aacfb0724cb3
                                                                          • Opcode Fuzzy Hash: d151ebf8386fe3ea0a26d511638ae8817c6badc70aa06eda8afb6b5f44c340a9
                                                                          • Instruction Fuzzy Hash: D8D0923220450DEBDB04DE55E8408A93BB8AB25340B908025A9194A521D731E7A9DF90
                                                                          APIs
                                                                            • Part of subcall function 6C9D17F3: GetDlgItem.USER32(000204D4,6C9D3FC7), ref: 6C9D17FF
                                                                          • ShowWindow.USER32(00000000,6C9D3FC7,00000005,?,6C9D33E4,0000560D,?,6C9FD7E0), ref: 6C9D19AC
                                                                          Memory Dump Source
                                                                          • Source File: 0000000A.00000002.4164513072.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_10_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: ItemShowWindow
                                                                          • String ID:
                                                                          • API String ID: 3351165006-0
                                                                          • Opcode ID: 7451eacb9ddbf08c6b649a7edba34e445133e892dfad639ce4d3a332a8720ae2
                                                                          • Instruction ID: 3179905c17034517c8787231967b9a37c5441bb05ef564d22d6ab6f1cf95bf33
                                                                          • Opcode Fuzzy Hash: 7451eacb9ddbf08c6b649a7edba34e445133e892dfad639ce4d3a332a8720ae2
                                                                          • Instruction Fuzzy Hash: 61C02B7310070873CB002AA1DC0DD477A1DAB7BB60F008000F400197509E33E1109662
                                                                          APIs
                                                                            • Part of subcall function 6C9D17F3: GetDlgItem.USER32(000204D4,6C9D3FC7), ref: 6C9D17FF
                                                                          • ShowWindow.USER32(00000000,6C9D3FC7,00000000,?,6C9D33C9,0000560D,?,?,?,6C9D3FC7,00005603), ref: 6C9D196D
                                                                          Memory Dump Source
                                                                          • Source File: 0000000A.00000002.4164513072.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_10_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: ItemShowWindow
                                                                          • String ID:
                                                                          • API String ID: 3351165006-0
                                                                          • Opcode ID: 0ffc8631d2ffa789ba46ae3cb2ae9abaf839dec86fd24f605f3698a6d5408d41
                                                                          • Instruction ID: e765e1a75eb0307cd6229921c78bdb2f95b84624fcc622673191fb7cc6acf13d
                                                                          • Opcode Fuzzy Hash: 0ffc8631d2ffa789ba46ae3cb2ae9abaf839dec86fd24f605f3698a6d5408d41
                                                                          • Instruction Fuzzy Hash: 63C09BB314470877DB041AA1DC05F567A1D9B7BA60F508011F515597518E73F5109566
                                                                          APIs
                                                                          • SetDlgItemInt.USER32(000055F6,?,00000000), ref: 6C9D1892
                                                                          Memory Dump Source
                                                                          • Source File: 0000000A.00000002.4164513072.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_10_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: Item
                                                                          • String ID:
                                                                          • API String ID: 3207170592-0
                                                                          • Opcode ID: d97920d07e760e01979f1829677cb84b63f9e968810f6fef49210ba874583d48
                                                                          • Instruction ID: 21287335dfdf3c53174d597d1de0a7029228cf00257c784a9570eb6542ccef20
                                                                          • Opcode Fuzzy Hash: d97920d07e760e01979f1829677cb84b63f9e968810f6fef49210ba874583d48
                                                                          • Instruction Fuzzy Hash: 56C04C3714420CFBCF415E81FC05F897F79EB59761F208011F6140816086725660AB54
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 0000000A.00000002.4164831084.000000006CE94000.00000080.00000001.01000000.0000000C.sdmp, Offset: 6CE90000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_10_2_6ce90000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: InfoSystem
                                                                          • String ID:
                                                                          • API String ID: 31276548-0
                                                                          • Opcode ID: 6d27a0393cf137aee9d9f768ab2aab9f51078f9c009fa59f11e08fc34549e95f
                                                                          • Instruction ID: c9e6ebc15080361084bcfd4f759c413215917afe26bf551693f4cd4ac87f6e96
                                                                          • Opcode Fuzzy Hash: 6d27a0393cf137aee9d9f768ab2aab9f51078f9c009fa59f11e08fc34549e95f
                                                                          • Instruction Fuzzy Hash: 05A012104094040AC404D7284C4244F32901E40414FC40314A85C95781E715856902DB
                                                                          APIs
                                                                          • VirtualAlloc.KERNEL32(00000000,0013FFF0,00001000,00000004,?,?,6CE95C17,?,6CE9E6D3,00000000,?,?,6CE9E66C,00000000,6CE9E691), ref: 6CE95613
                                                                          Memory Dump Source
                                                                          • Source File: 0000000A.00000002.4164831084.000000006CE94000.00000080.00000001.01000000.0000000C.sdmp, Offset: 6CE90000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_10_2_6ce90000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: AllocVirtual
                                                                          • String ID:
                                                                          • API String ID: 4275171209-0
                                                                          • Opcode ID: c216a289624d1fc1bfc7f380ef945dae21114090166aae9d1f384ba78f626dea
                                                                          • Instruction ID: 3b9f6b9338c6be6884e5488ce01d140e8519154ff6960c64491fe10dffb3093f
                                                                          • Opcode Fuzzy Hash: c216a289624d1fc1bfc7f380ef945dae21114090166aae9d1f384ba78f626dea
                                                                          • Instruction Fuzzy Hash: 48F081F2F112114BFF59EF7899517427BE4A70A396F21423EE908EBB84D6B088018790
                                                                          APIs
                                                                          • GetLastError.KERNEL32(?,?,6C9D8C05,6C9D5A0D,6C9D5CCA), ref: 6C9D8D0A
                                                                          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6C9D8D18
                                                                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6C9D8D31
                                                                          • SetLastError.KERNEL32(00000000,?,6C9D8C05,6C9D5A0D,6C9D5CCA), ref: 6C9D8D83
                                                                          Memory Dump Source
                                                                          • Source File: 0000000A.00000002.4164513072.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_10_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLastValue___vcrt_
                                                                          • String ID:
                                                                          • API String ID: 3852720340-0
                                                                          • Opcode ID: 6428b90cd258be77614de62fabf7e0b908aee289263e1215312140285027edfc
                                                                          • Instruction ID: a09e303f0ac22cfa43bcdce69bfe21affa8b201e49ee204a3bdd664651f1210b
                                                                          • Opcode Fuzzy Hash: 6428b90cd258be77614de62fabf7e0b908aee289263e1215312140285027edfc
                                                                          • Instruction Fuzzy Hash: 7B01DD3220DE119E9B68297A6C8574A267CDB3B37D736C32BE12465FD1EF11EC069188
                                                                          APIs
                                                                          • GetLastError.KERNEL32(6C9D50A5,6C9D50A5,00000002,6C9E0F4B,6C9E2D72,00000000,?,6C9D6B8F,00000002,00000000,6C9D23BE,?,?,6C9D2303,6C9D50A5,00000004), ref: 6C9E2C2F
                                                                          • _free.LIBCMT ref: 6C9E2C64
                                                                          • _free.LIBCMT ref: 6C9E2C8B
                                                                          • SetLastError.KERNEL32(00000000,?,6C9D50A5), ref: 6C9E2C98
                                                                          • SetLastError.KERNEL32(00000000,?,6C9D50A5), ref: 6C9E2CA1
                                                                          Memory Dump Source
                                                                          • Source File: 0000000A.00000002.4164513072.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_10_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLast$_free
                                                                          • String ID:
                                                                          • API String ID: 3170660625-0
                                                                          • Opcode ID: ed3ec4b0adb76f85c6644a488582286055fb5d8378170771229e5862e7907a01
                                                                          • Instruction ID: 4546af1edcf5acf3541c823318d9bbe4a48508e2042a5de46939bb03b53bebf8
                                                                          • Opcode Fuzzy Hash: ed3ec4b0adb76f85c6644a488582286055fb5d8378170771229e5862e7907a01
                                                                          • Instruction Fuzzy Hash: 56018676249E02AB93031675DD8CA4B27BDAFFE7A97250169F915D2B40EF71C4064160
                                                                          APIs
                                                                          • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe,00000104), ref: 6C9E1CA8
                                                                          • _free.LIBCMT ref: 6C9E1D73
                                                                          • _free.LIBCMT ref: 6C9E1D7D
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 0000000A.00000002.4164513072.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          • Associated: 0000000A.00000002.4164480973.000000006C9D0000.00000002.00000001.01000000.00000009.sdmp
                                                                          • Associated: 0000000A.00000002.4164550238.000000006C9ED000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 0000000A.00000002.4164580420.000000006C9F5000.00000008.00000001.01000000.00000009.sdmp
                                                                          • Associated: 0000000A.00000002.4164609917.000000006C9F9000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 0000000A.00000002.4164609917.000000006C9FC000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 0000000A.00000002.4164668074.000000006CA00000.00000040.00000001.01000000.00000009.sdmp
                                                                          • Associated: 0000000A.00000002.4164668074.000000006CA27000.00000040.00000001.01000000.00000009.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_10_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: _free$FileModuleName
                                                                          • String ID: C:\Users\user\AppData\Local\Programs\VIRTINS UART Manager\MIs.exe
                                                                          • API String ID: 2506810119-698041861
                                                                          • Opcode ID: be1b76d58d4f985f767143daf40bf4589293e54f92ea21ae1d29baf6b3b58e0a
                                                                          • Instruction ID: 960e2cb5014272de8f75c90f3546ecdcd006bdb3b4e931ce800f55125a470e31
                                                                          • Opcode Fuzzy Hash: be1b76d58d4f985f767143daf40bf4589293e54f92ea21ae1d29baf6b3b58e0a
                                                                          • Instruction Fuzzy Hash: 02315271A04658EFDB128F99D8849DEBBFCEFAA714B204056E814DB701D770CA85CB51
                                                                          APIs
                                                                          • CloseHandle.KERNEL32(00000000,00000000,?,?,6C9EB383,?), ref: 6C9EB4BB
                                                                          • GetLastError.KERNEL32(?,6C9EB383,?), ref: 6C9EB4C5
                                                                          • __dosmaperr.LIBCMT ref: 6C9EB4F0
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 0000000A.00000002.4164513072.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          • Associated: 0000000A.00000002.4164480973.000000006C9D0000.00000002.00000001.01000000.00000009.sdmp
                                                                          • Associated: 0000000A.00000002.4164550238.000000006C9ED000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 0000000A.00000002.4164580420.000000006C9F5000.00000008.00000001.01000000.00000009.sdmp
                                                                          • Associated: 0000000A.00000002.4164609917.000000006C9F9000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 0000000A.00000002.4164609917.000000006C9FC000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 0000000A.00000002.4164668074.000000006CA00000.00000040.00000001.01000000.00000009.sdmp
                                                                          • Associated: 0000000A.00000002.4164668074.000000006CA27000.00000040.00000001.01000000.00000009.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_10_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: CloseErrorHandleLast__dosmaperr
                                                                          • String ID: ck
                                                                          • API String ID: 2583163307-1887507496
                                                                          • Opcode ID: 393a889ea666700754e5ea736535d79736fd9e6d6b66fbdf85f2e39d62cf4f44
                                                                          • Instruction ID: 6a5a673063a32cea753eab7d4c15008c6eafe6b53a8441c0cbbe5a12828c35e2
                                                                          • Opcode Fuzzy Hash: 393a889ea666700754e5ea736535d79736fd9e6d6b66fbdf85f2e39d62cf4f44
                                                                          • Instruction Fuzzy Hash: ED01483360D2305AC3431635A8547AD277D5FBF73CF3A0208EE1987AC1EF64C8848154
                                                                          APIs
                                                                          • 6F551CD0.COMCTL32(?,?,?,?,6C9D4324,00000008), ref: 6C9D4C80
                                                                          • GetDesktopWindow.USER32 ref: 6C9D4C86
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 0000000A.00000002.4164513072.000000006C9D1000.00000040.00000001.01000000.00000009.sdmp, Offset: 6C9D0000, based on PE: true
                                                                          • Associated: 0000000A.00000002.4164480973.000000006C9D0000.00000002.00000001.01000000.00000009.sdmp
                                                                          • Associated: 0000000A.00000002.4164550238.000000006C9ED000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 0000000A.00000002.4164580420.000000006C9F5000.00000008.00000001.01000000.00000009.sdmp
                                                                          • Associated: 0000000A.00000002.4164609917.000000006C9F9000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 0000000A.00000002.4164609917.000000006C9FC000.00000004.00000001.01000000.00000009.sdmp
                                                                          • Associated: 0000000A.00000002.4164668074.000000006CA00000.00000040.00000001.01000000.00000009.sdmp
                                                                          • Associated: 0000000A.00000002.4164668074.000000006CA27000.00000040.00000001.01000000.00000009.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_10_2_6c9d0000_MIs.jbxd
                                                                          Similarity
                                                                          • API ID: DesktopF551Window
                                                                          • String ID: 3Ro
                                                                          • API String ID: 2808417363-1492261280
                                                                          • Opcode ID: 40e3b845143d5d8c06a43e21b62cf51c33f24a02fe3ad12912fefd958a870ad3
                                                                          • Instruction ID: baeb8dfc2d83fd22597dc3837cd6403c513506f4c198b9a953f7d390ece3c6cb
                                                                          • Opcode Fuzzy Hash: 40e3b845143d5d8c06a43e21b62cf51c33f24a02fe3ad12912fefd958a870ad3
                                                                          • Instruction Fuzzy Hash: 73E04FB6614208FFDF44DF61C40994E7BF8FF1A31AF248129E851D6300E770A6448F50